SMURF amplifier block list

jlixfeld at idirect.ca jlixfeld at idirect.ca
Fri Apr 17 19:18:43 UTC 1998 

Why not just block them at your interface with an access-list (firewall)
filter?

On Tue, 14 Apr 1998, Forrest W. Christian wrote:

:On Tue, 14 Apr 1998, Hank Nussbacher wrote:
:
:> All outgoing pkts to 220.88.192.128/27 now should go to Null0.  I am sure
:> one can improve on the logic even more.
:
:Exactly.  All OUTGOING packets.   Not Incoming. Not the smurf attack
:packets which are swamping your downstream customer, which have a source
:address from 220.88.192.128/27.
:
:I will concede that shutting off connectivity to a site by a large enough
:chunk of the net should get someone to fix stuff....  But part of the
:advantage of the MAPS RBL BGP feed is that it helps to cut down spam
:coming into your network.  A BGP feed TODAY won't block a ping
:amplification attack aimed at your network or a downstream.  All it will
:do is prevent your customers from using the ping amplification networks to
:launch an attack.   And, if you have the appropriate anti-spoofing filters
:in place, they shouldn't be able to attack anything other than the valid
:source addresses you have in your outbound filter set.
:
:- Forrest W. Christian (forrestc at imach.com) 
:----------------------------------------------------------------------
:iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
:Solutions for your high-tech problems.                  (406)-442-6648
:----------------------------------------------------------------------
:
:

--
Regards,  

Jason A. Lixfeld             jlixfeld at idirect.ca
iDirect Network Operations   jlixfeld at torontointernetxchange.net

---------------------------------------------------------------------
TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West      | http://www.torontointernetxchange.net
Suite 301, Toronto Ontario   | (416) 236-5806	     (T)
M9B-1B5 CANADA               | (416) 236-5804        (F)
---------------------------------------------------------------------

More information about the NANOG mailing list