SMURF amplifier block list - READ THIS

Karl Denninger karl at Mcs.Net
Wed Apr 15 19:22:15 UTC 1998


On Wed, Apr 15, 1998 at 01:04:19PM -0600, Dax Kelson wrote:
> This isn't quite as bad as it sounds, because in nearly all cases, the
> *OUTGOING* bandwidth from the amplification network will be *MUCH* less
> than the aggregate traffic produced by all the devices on the
> amplification LAN. 
> 
> So what ends up happening in most cases, is that 20-90Mbps of traffic
> slams into the router interface capable of only 1.5/3/6/9Mbps of outgoing
> traffic.  Still, though, a modem or ISDN connection being able to summon
> 1.5-9Mbps is quite a problem.

Well, most of the real "problem" smurf sites are DS-3 connected or better.
The little ones don't bother us.

> There has been very little mention of anti-SPOOF measures in this thread
> which is surprising.

Try to get people to do that.... we have, it's pointless.

> IP SPOOFing is *THE SOURCE* of all the major problems:
> 
> SYN-FLOOD
> TEARDROP and variants
> SMURF
> What's Next???
> 
> 
> Solutions:
> 
> Validate all traffic leaving your networks to be sure the IP source is
> from one of your networks.
> 
> Everyone from the tier 1 providers on down should write that requirement
> into all their connection agreements.
> 
> Further, the fact is that nearly *ALL* such attacks (attacks that use
> IP-SPOOFing as a requirement) are launched from dial-up connections.
> 
> It would be relatively easy to have a *DRAMATIC* reduction in attacks if
> the dialup equipment vendors would release software updates with *DEFAULT*
> anti-spoof filters applied to dialup connections.
> 
> Put some pressure on your vendors, nearly all dialup ports are made by
> Lucent/Livingston, Ascend, or 3COM/USR.
> 
> I've been asking Livingston for two years for this feature.
> 
> Dax Kelson
> Internet Connect, Inc.

Yeah, well, why not find a way to ram it down UUNET, SPRINT, MCI's, and the
rest of the national's throats first?

We already do this - it's not a perfect filter, but it will only let you
transmit packets with sources that COULD possibly come from us.

-- 
Karl Denninger (karl at MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
			     | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost
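The two filters argued for in this exchange (per-port anti-spoof on dialup gear, and a border rule that only passes sources that "COULD possibly come from us"), plus the directed-broadcast check that stops a site from acting as a smurf amplifier, written out as a small packet-filter model. This is an added example for illustration, not MCSNet's configuration and not any vendor's software; the prefixes (RFC 5737 documentation ranges), interface names and sample packets are all constructed.

```python
"""Source-address validation (anti-spoof) and smurf-amplifier checks.

Added example, not code from the original thread.  All prefixes, interface
names and packets are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: address space this network is responsible for.
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed: the only sources permitted on each customer-facing interface.
# A dialup port gets exactly the address assigned to it (the default Dax Kelson
# asks the vendors for); a T1 customer gets the block routed to it.
INTERFACE_SOURCES = {
    "dialup-port-7": [ipaddress.ip_network("192.0.2.77/32")],
    "customer-t1-3": [ipaddress.ip_network("198.51.100.0/25")],
}


@dataclass
class Packet:
    iface: str           # interface the packet arrived on
    src: str
    dst: str
    proto: str = "tcp"   # "tcp", "udp" or "icmp"
    icmp_type: int = -1  # 8 = echo request; -1 when not ICMP


def in_any(addr, prefixes):
    a = ipaddress.ip_address(addr)
    return any(a in p for p in prefixes)


def is_directed_broadcast(addr):
    """True when addr is the broadcast address of one of our prefixes (a smurf target)."""
    a = ipaddress.ip_address(addr)
    return any(a == p.broadcast_address for p in LOCAL_PREFIXES)


def border_egress(src):
    """Border rule for packets leaving toward the upstream: the source must be ours."""
    return in_any(src, LOCAL_PREFIXES)


def verdict(pkt):
    """Return (action, reason) for a packet arriving on pkt.iface.

    Customer interfaces: permit only the sources assigned to that interface.
    Any other interface is treated as the upstream side: drop packets that
    claim one of OUR addresses as source, and drop ICMP echo requests aimed
    at one of our broadcast addresses (the packet a smurf attacker sends to
    an amplifier).
    """
    if pkt.iface in INTERFACE_SOURCES:
        if in_any(pkt.src, INTERFACE_SOURCES[pkt.iface]):
            return ("permit", "source assigned to interface")
        return ("drop", f"spoofed source {pkt.src} on {pkt.iface}")
    if in_any(pkt.src, LOCAL_PREFIXES):
        return ("drop", f"external packet claiming our source {pkt.src}")
    if pkt.proto == "icmp" and pkt.icmp_type == 8 and is_directed_broadcast(pkt.dst):
        return ("drop", f"echo request to directed broadcast {pkt.dst}")
    return ("permit", "no anti-spoof rule matched")


def filter_packets(pkts):
    return [(p, *verdict(p)) for p in pkts]


# Constructed sample traffic.
SAMPLE = [
    Packet("dialup-port-7", "192.0.2.77", "203.0.113.9"),           # legitimate dialup user
    Packet("dialup-port-7", "10.1.2.3", "203.0.113.9", "icmp", 8),  # spoofed ping from a dialup port
    Packet("customer-t1-3", "198.51.100.200", "203.0.113.9"),       # outside the T1 customer's /25
    Packet("upstream", "192.0.2.5", "192.0.2.10"),                  # our own address arriving from outside
    Packet("upstream", "203.0.113.9", "192.0.2.255", "icmp", 8),    # smurf amplification attempt
    Packet("upstream", "203.0.113.9", "192.0.2.10"),                # ordinary inbound traffic
]

if __name__ == "__main__":
    for p, action, reason in filter_packets(SAMPLE):
        print(f"{action:6} {p.iface:14} {p.src:>15} -> {p.dst:<15} {reason}")
```

The per-interface table is the part that matters for the dialup case: once a port's permitted source is the single address it was assigned, a spoofed SYN flood, teardrop or smurf trigger from that port never leaves the access server. The upstream-side rule is the imperfect border filter the reply describes; it cannot tell a spoofed 203.0.113.9 from a real one, only that nothing from outside should ever claim to be 192.0.2.0/24.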



More information about the NANOG mailing list