SMURF amplifier block list

Alex P. Rudnev alex at
Tue Apr 14 09:27:34 UTC 1998

The whole idea was to block attempts to make SMURF atatck originated from 
your network, and this case the black list of addresses to be blocked 
(it's the list of broadcast addresses used to amplify ICMP) joined with 
the logging such attempts is quite usefull.

> Date: Mon, 13 Apr 1998 19:46:29 -0600 (MDT)
> From: Forrest W. Christian <forrestc at>
> To: Vadim Antonov <avg at>
> Cc: Karl Denninger <karl at>, Dean Anderson <dean at>,
>     "Jay R. Ashworth" <jra at>, nanog at
> Subject: Re: SMURF amplifier block list
> On Mon, 13 Apr 1998, Vadim Antonov wrote:
> >  Uh.  Just modify BGP routes from that feed to have a next hop pointing
> >  to a black hole.  route-maps are sometimes useful.
> Could someone PLEASE explain to me how this is accomplished?

More information about the NANOG mailing list