SMURF amplifier block list

Hank Nussbacher hank at ibm.net.il
Tue Apr 14 11:42:57 UTC 1998


At 03:31 AM 4/14/98 -0600, Forrest W. Christian wrote:
>On Tue, 14 Apr 1998, Hank Nussbacher wrote:
>
>> All outgoing pkts to 220.88.192.128/27 now should go to Null0.  I am sure
>> one can improve on the logic even more.
>
>Exactly.  All OUTGOING packets.   Not Incoming. Not the smurf attack
>packets which are swamping your downstream customer, which have a source
>address from 220.88.192.128/27.

My textual mistake - this snippet is to send pkts to dev/null for all pkts
*sourced* from 220.88.192.128/27.  -Hank 


>
>I will concede that shutting off connectivity to a site by a large enough
>chunk of the net should get someone to fix stuff....  But part of the
>advantage of the MAPS RBL BGP feed is that it helps to cut down spam
>coming into your network.  A BGP feed TODAY won't block a ping
>amplification attack aimed at your network or a downstream.  All it will
>do is prevent your customers from using the ping amplification networks to
>launch an attack.   And, if you have the appropriate anti-spoofing filters
>in place, they shouldn't be able to attack anything other than the valid
>source addresses you have in your outbound filter set.
>
>- Forrest W. Christian (forrestc at imach.com) 
>----------------------------------------------------------------------
>iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
>Solutions for your high-tech problems.                  (406)-442-6648
>----------------------------------------------------------------------
>
>
>
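
The distinction argued in this thread, sketched as an added example (not code from either poster, and not the router snippet under discussion): a null route is chosen by destination address, so it discards traffic headed to the amplifier prefix but still forwards packets sourced from it, and dropping those takes a filter that matches on source. The customer block, host addresses, and function names are constructed for illustration.

```python
import ipaddress

AMPLIFIER = ipaddress.ip_network("220.88.192.128/27")  # prefix named in the thread
CUSTOMER = ipaddress.ip_network("192.0.2.0/24")        # constructed downstream block

# Destination-keyed routing table (constructed); "Null0" means discard.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
    (CUSTOMER, "customer"),
    (AMPLIFIER, "Null0"),
]

def route(dst):
    """Longest-prefix match on the destination address only."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(src, dst, source_filter=()):
    """Return the next hop, or 'drop' if a source filter or Null0 discards it."""
    if any(ipaddress.ip_address(src) in net for net in source_filter):
        return "drop"
    hop = route(dst)
    return "drop" if hop == "Null0" else hop

def egress_allowed(src, valid_sources):
    """Anti-spoofing check: outbound traffic must carry a source the customer owns."""
    return any(ipaddress.ip_address(src) in net for net in valid_sources)

def demo():
    cust_host, amp_host = "192.0.2.10", "220.88.192.130"  # constructed hosts
    return {
        # Outgoing packet toward the amplifier: the null route discards it.
        "to_amplifier": forward(cust_host, amp_host),
        # Incoming packet sourced from the amplifier: destination routing
        # never looks at the source, so it reaches the customer.
        "from_amplifier_null_route_only": forward(amp_host, cust_host),
        # The same packet with a source-matching filter in front of routing.
        "from_amplifier_source_filter": forward(amp_host, cust_host, [AMPLIFIER]),
        # Outbound filter set: only the customer's own sources may leave.
        "egress_own_source": egress_allowed(cust_host, [CUSTOMER]),
        "egress_foreign_source": egress_allowed("198.51.100.7", [CUSTOMER]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```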



