SMURF amplifier block list
Alex P. Rudnev
alex at Relcom.EU.net
Sat Apr 18 12:23:36 UTC 1998
Why not use the filter
deny icmp any 0.0.0.255 255.255.255.0 echo-request
on the incoming lines? It just blocks 99.999% of these smurf amplifiers,
and I hardly think anyone would ever notice this restriction in real PING
tests.
???
On Fri, 17 Apr 1998, Dean Anderson wrote:
> Date: Fri, 17 Apr 1998 18:09:08 -0400
> From: Dean Anderson <dean at av8.com>
> To: jlixfeld at idirect.ca
> Cc: nanog at merit.edu
> Subject: Re: SMURF amplifier block list
>
> > Does no ip directed broadcast really work?
>
> Yes. It works.
>
> And it works for whatever your particular netmask or broadcast address
> happens to be, which is what's important.
>
> The only time you shouldn't do it globally is when some other network
> really needs to see broadcasts. For example, If we manage a client's
> network with HP OpenView over the internet, we need to be able to send them
> directed broadcasts, so that OpenView host discovery will work. Patrol
> works the same way, as do other products. In this case you can't use the
> "no ip directed broadcast" switch, but you can still set up access rules
> which do the same thing except for the permitted network.
>
> Bottom line is that you should protect your network from people who would
> either abuse it via smurfing, or simply have no business looking for hosts
> on your network. You have the tools to do it.
>
> --Dean
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Plain Aviation, Inc dean at av8.com
> LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com
> We Make IT Fly! (617)242-3091 x246
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
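To see what the proposed filter catches and what it lets through, here is an added example (not part of the thread; neither poster supplied code) that simulates Cisco extended-ACL matching with wildcard masks over a few constructed packets. It also models Dean Anderson's variant: a permit for a management station ahead of the deny so directed-broadcast host discovery from that station still works. The station address 198.51.100.7 and all packet addresses are made-up documentation-range values.

```python
"""Simulate how a Cisco-style extended ACL evaluates the line

    deny icmp any 0.0.0.255 255.255.255.0 echo-request

Added example; all addresses and packets below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "icmp", "udp", ...
    icmp_type: Optional[int] = None


@dataclass(frozen=True)
class AclEntry:
    action: str                     # "permit" or "deny"
    proto: str                      # "icmp" or "ip" (any protocol)
    src: str                        # "any" or "<address> <wildcard>"
    dst: str
    icmp_type: Optional[int] = None  # None matches every ICMP type


def wildcard_match(addr: str, spec: str) -> bool:
    """IOS wildcard mask: a 0 bit must match the base address, a 1 bit is don't-care.
    So '0.0.0.255 255.255.255.0' matches any address whose last octet is 255."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def entry_matches(e: AclEntry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if e.icmp_type is not None and e.icmp_type != p.icmp_type:
        return False
    return wildcard_match(p.src, e.src) and wildcard_match(p.dst, e.dst)


def evaluate(acl: List[AclEntry], p: Packet) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for e in acl:
        if entry_matches(e, p):
            return e.action
    return "deny"


# Hypothetical management station (the OpenView case): it is permitted
# before the deny so its directed-broadcast discovery still works.
MGMT_HOST = "198.51.100.7 0.0.0.0"   # same as 'host 198.51.100.7'
BCAST_DOT255 = "0.0.0.255 255.255.255.0"

ACL = [
    AclEntry("permit", "icmp", MGMT_HOST, BCAST_DOT255, ICMP_ECHO_REQUEST),
    AclEntry("deny", "icmp", "any", BCAST_DOT255, ICMP_ECHO_REQUEST),
    AclEntry("permit", "ip", "any", "any"),
]

# Constructed test traffic arriving on the "incoming line".
PACKETS = {
    "smurf_to_dot255": Packet("203.0.113.9", "192.0.2.255", "icmp", ICMP_ECHO_REQUEST),
    "normal_ping": Packet("203.0.113.9", "192.0.2.10", "icmp", ICMP_ECHO_REQUEST),
    # broadcast of a /25 ends in .127, so the .255 wildcard never sees it
    "ping_to_slash25_bcast": Packet("203.0.113.9", "192.0.2.127", "icmp", ICMP_ECHO_REQUEST),
    # the line names echo-request only; replies to .255 are untouched
    "echo_reply_to_dot255": Packet("203.0.113.9", "192.0.2.255", "icmp", ICMP_ECHO_REPLY),
    "mgmt_discovery": Packet("198.51.100.7", "192.0.2.255", "icmp", ICMP_ECHO_REQUEST),
}


def verdicts() -> dict:
    return {name: evaluate(ACL, p) for name, p in PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:24s} {verdict}")
```

The run shows the point behind "99.999%": the echo-request aimed at 192.0.2.255 is dropped while an ordinary ping to a host passes, but a broadcast that does not end in .255 (a /25's .127, for instance) is not covered by this one line, and the filter does nothing about any ICMP type other than echo-request. `no ip directed-broadcast` on the destination router handles every broadcast address for that interface's mask, which is why the quoted reply prefers it where no outside network legitimately needs broadcasts.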