SMURF amplifier block list

Alex P. Rudnev alex at
Sat Apr 18 12:23:36 UTC 1998

Why don't use the filter

 deny icmp any echo-request

on the incoming lines? It just block 99.999% of this smurf amplifiers; 
and I hardly think someone eve sence this restriction for the real PING 


On Fri, 17 Apr 1998, Dean Anderson wrote:

> Date: Fri, 17 Apr 1998 18:09:08 -0400
> From: Dean Anderson <dean at>
> To: jlixfeld at
> Cc: nanog at
> Subject: Re: SMURF amplifier block list
> > Does no ip directed broadcast really work?
> Yes. It works.
> And it works for whatever your particular netmask or broadcast address
> happens to be, which is what's important.
> The only time you shouldn't do it globally is when some other network
> really needs to see broadcasts.  For example, If we manage a client's
> network with HP OpenView over the internet, we need to be able to send them
> directed broadcasts, so that OpenView host discovery will work.  Patrol
> works the same way, as do other products.  In this case you can't use the
> "no ip directed broadcast" switch, but you can still set up access rules
> which do the same thing except for the permitted network.
> Bottom line is that you should protect your network from people who would
> either abuse it via smurfing, or simply have no business looking for hosts
> on your network. You have the tools to do it.
> 		--Dean
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>            Plain Aviation, Inc                  dean at
>            We Make IT Fly!                (617)242-3091 x246
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)

More information about the NANOG mailing list