SMURF amplifier block list
dean at av8.com
Tue Apr 14 05:15:51 UTC 1998
You right that all BGP would do is block traffic to that network. But it
does block *all* traffic to that network. Once the attack is started, it
must either be stopped at the source, or by inbound packet filters.
Not that I'm defending it as completely effective method, but presumably
some of the customers of the smurfable network have the off-hours access
numbers to the noc of the smurfing network, once they notice their
connectivity to elsewhere is lost. Adding a route to a route filter at a
high enough level ought to get some quick attention from the smurfing
network operator. Especially if its their upstream that blocked them.
Things actually break for them, as opposed to just higher network load.
It also prevents your own disgruntled users from launching a smurf attack
against other users on your net, since they won't be able to reach those
networks. At least, not from your machines.
Also, it will prevent a person from launching an attack if someone is
filtering between them and the network.
And it has the advantage of being automatically updated, once a change is
made to the master list.
And I think a route blackhole is probably faster than a permission list.
Not positive, though.
Anyway, I'll offer a site to host the list, and redistribute the list in
hopefully convenient forms. Several people have already volunteered to
help, so its up to you folks to ask for and/or implement convenient forms
of distribution. Whether you want to block all ingress by hand, or just
general connectivity by BGP or some other method is up to you. It is
possible to do both, or neither. The important thing is to get a list and
maintain it. I think we can dump the list into several different forms for
Plain Aviation, Inc dean at av8.com
We Make IT Fly! (617)242-3091 x246
More information about the NANOG