SMURF amplifier block list

Aaron Beck abeck at falcon.org
Tue Apr 14 20:53:07 UTC 1998


On Tue, 14 Apr 1998, Stephen Sprunk wrote:

> Are we really concerned about being smurfed by a /30, or even a /27?
> 
> The essential problem is backbone class-C's, especially those in NAPs
> where coordination is nearly impossible.  Smaller subnets tend to be in
> small ISPs' or customers' networks, which don't pose a threat since they
> lack the bandwidth for an effective attack.

Im kind of under the impression that we're (ok, just me, but anyone
else is welcome to jump on this bandwagon) trying to point out that
class based thinking.. or even "well, most of the net is this" thinking is
probably a bad idea.  Kludges n' hacks may work most of the time, but
kludges and hacks are just that.. kludgey and hackish.  Hard coded
defines, precompiled bins, etc have proven to be a less elegant method in
other areas of the computing world... why should we repeat the same kind
of mistake in the networking field?  A smurf attack is just that, a smurf
attack.  Wouldnt the overall goal include removing the attack possibility
in its entirety, not just a temporary solution that may solve some of the
problems, but definetly not all of them?

Assuming that most of the net is based on /24s, and that smaller subnets
are generally internal to those /24's may be a safe assumption, but once
again its probably not the best way to think about this problem (not that
I have any hints on what the best way should be, but im fairly certain
that applying a stereotypical ideology to this is "not a good thing").

just my two bits and a lot of run on sentences.

--  Aaron
  





More information about the NANOG mailing list