SMURF amplifier block list

Alex P. Rudnev alex at Relcom.EU.net
Tue Apr 14 09:27:34 UTC 1998


The whole idea was to block attempts to make SMURF atatck originated from 
your network, and this case the black list of addresses to be blocked 
(it's the list of broadcast addresses used to amplify ICMP) joined with 
the logging such attempts is quite usefull.

> Date: Mon, 13 Apr 1998 19:46:29 -0600 (MDT)
> From: Forrest W. Christian <forrestc at iMach.com>
> To: Vadim Antonov <avg at pluris.com>
> Cc: Karl Denninger <karl at mcs.net>, Dean Anderson <dean at av8.com>,
>     "Jay R. Ashworth" <jra at scfn.thpl.lib.fl.us>, nanog at merit.edu
> Subject: Re: SMURF amplifier block list
> 
> On Mon, 13 Apr 1998, Vadim Antonov wrote:
> 
> >  Uh.  Just modify BGP routes from that feed to have a next hop pointing
> >  to a black hole.  route-maps are sometimes useful.
> 
> Could someone PLEASE explain to me how this is accomplished?
....



More information about the NANOG mailing list