SMURF amplifier block list - READ THIS
Karl Denninger
karl at Mcs.Net
Wed Apr 15 19:22:15 UTC 1998
On Wed, Apr 15, 1998 at 01:04:19PM -0600, Dax Kelson wrote:
> This isn't quite as bad as it sounds, because in nearly all cases, the
> *OUTGOING* bandwidth from the amplification network will be *MUCH* less
> then the aggregate traffic produced by all the devices on the
> amplification LAN.
>
> So what ends up happening in most cases, is that 20-90Mpbs of traffic
> slams into the router interface capable of only 1.5/3/6/9Mbps of outgoing
> traffic. Still, though a modem or ISDN connection being able to summon
> 1.5-9Mpbs is quite a problem.
Well, most of the real "problem" smurf sites are DS-3 connected or better.
The little ones don't bother us.
> There has been very little mention of anti-SPOOF measures in this thread
> which is surprising.
Try to get people to do that.... we have, its pointless.
> IP SPOOFing is *THE SOURCE* of all the major problems:
>
> SYN-FLOOD
> TEARDROP and variants
> SMURF
> What's Next???
>
>
> Solutions:
>
> Validate all traffic leaving your networks to be sure the IP source is
> from one of your networks.
>
> Everyone from the tier 1 providers on down should write that requirement
> into all their connection agreements.
>
> Further, the fact is that nearly *ALL* such attacks (attacks that use
> IP-SPOOFing as a requirement) are launched from dial-up connections.
>
> If would be relatively easy to have a *DRAMATIC* reduction in attacks if
> the dialup equipment vendors would release software updates with *DEFAULT*
> anti-spoof filters applied to dialup connections.
>
> Put some pressure on your vendors, nearly all dialup ports are made by
> either Lucent/Livingston, Ascend, and 3COM/USR.
>
> I've been asking Livingston for two years for this feature.
>
> Dax Kelson
> Internet Connect, Inc.
Yeah, well, why not find a way to ram it down UUNET, SPRINT, MCI's, and the
rest of the national's throats first?
We already do this - its not a perfect filter, but it will only let you
transmit packets with sources that COULD possibly come from us.
--
--
Karl Denninger (karl at MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV
| NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
More information about the NANOG
mailing list