SMURF amplifier block list

jlixfeld at jlixfeld at
Fri Apr 17 19:18:43 UTC 1998

Why not just block them at your interface with an access-list (firewall)

On Tue, 14 Apr 1998, Forrest W. Christian wrote:

:On Tue, 14 Apr 1998, Hank Nussbacher wrote:
:> All outgoing pkts to now should go to Null0.  I am sure
:> one can improve on the logic even more.
:Exactly.  All OUTGOING packets.   Not Incoming. Not the smurf attack
:packets which are swamping your downstream customer, which have a source
:address from
:I will concede that shutting off connectivity to a site by a large enough
:chunk of the net should get someone to fix stuff....  But part of the
:advantage of the MAPS RBL BGP feed is that it helps to cut down spam
:coming into your network.  A BGP feed TODAY won't block a ping
:amplification attack aimed at your network or a downstream.  All it will
:do is prevent your customers from using the ping amplification networks to
:launch an attack.   And, if you have the appropriate anti-spoofing filters
:in place, they shouldn't be able to attack anything other than the valid
:source addresses you have in your outbound filter set.
:- Forrest W. Christian (forrestc at 
:iMach, Ltd., P.O. Box 5749, Helena, MT 59604
:Solutions for your high-tech problems.                  (406)-442-6648


Jason A. Lixfeld             jlixfeld at
iDirect Network Operations   jlixfeld at

TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West      |
Suite 301, Toronto Ontario   | (416) 236-5806	     (T)
M9B-1B5 CANADA               | (416) 236-5804        (F)

More information about the NANOG mailing list