SMURF amplifier block list
Dan Boehlke
dboehlke at mr.net
Sat Apr 18 17:39:29 UTC 1998
What about people who didn't subnet their class B on the eight-bit
boundary, but made larger subnets instead? What about the class B that
doesn't appear to be subnetted at all? What about supernetted class C
networks? A trailing .255 can be a valid host.
On Sat, 18 Apr 1998, Alex P. Rudnev wrote:
> Why don't you use the filter
>
> deny icmp any 0.0.0.255 255.255.255.0 echo-request
>
> on the incoming lines? It just blocks 99.999% of these smurf amplifiers,
> and I hardly think anyone will ever sense this restriction for real PING
> tests.
>
> ???
>
>
>
> On Fri, 17 Apr 1998, Dean Anderson wrote:
>
> > Date: Fri, 17 Apr 1998 18:09:08 -0400
> > From: Dean Anderson <dean at av8.com>
> > To: jlixfeld at idirect.ca
> > Cc: nanog at merit.edu
> > Subject: Re: SMURF amplifier block list
> >
> > > Does no ip directed broadcast really work?
> >
> > Yes. It works.
> >
> > And it works for whatever your particular netmask or broadcast address
> > happens to be, which is what's important.
> >
> > The only time you shouldn't do it globally is when some other network
> > really needs to see broadcasts. For example, if we manage a client's
> > network with HP OpenView over the internet, we need to be able to send them
> > directed broadcasts, so that OpenView host discovery will work. Patrol
> > works the same way, as do other products. In this case you can't use the
> > "no ip directed broadcast" switch, but you can still set up access rules
> > which do the same thing except for the permitted network.
> >
> > Bottom line is that you should protect your network from people who would
> > either abuse it via smurfing, or simply have no business looking for hosts
> > on your network. You have the tools to do it.
> >
> > --Dean
> >
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > Plain Aviation, Inc dean at av8.com
> > LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com
> > We Make IT Fly! (617)242-3091 x246
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> >
> >
>
> Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
> (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
>
--
Dan Boehlke, Senior Network Engineer M R N e t
Internet: dboehlke at mr.net A MEANS Telcom Company
Phone: 612-362-5814 2829 SE University Ave. Suite 200
WWW: http://www.mr.net/~dboehlke/ Minneapolis, MN 55414
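The two approaches argued over above (the trailing-.255 wildcard ACL versus checking the real broadcast address of each connected network, with an exception for a management network) can be compared side by side. The following is an added example, not code from the thread or from any of the posters; the interface table, the 172.16.9.0/24 management network and the sample destinations are all constructed for the illustration, and the Python stands in for what a router would evaluate per outgoing interface.

```python
import ipaddress

# Constructed edge-router interface table (not from the thread) covering the
# cases Dan raises: a class B subnetted on a non-octet boundary (/23), a class B
# not subnetted at all (/16), a subnet smaller than /24 (/25), a supernetted
# block of class Cs (/22), and one ordinary /24 for comparison.
LOCAL_NETWORKS = [
    ipaddress.IPv4Network("10.1.0.0/23"),
    ipaddress.IPv4Network("10.2.0.0/16"),
    ipaddress.IPv4Network("10.3.0.0/25"),
    ipaddress.IPv4Network("192.168.8.0/22"),
    ipaddress.IPv4Network("192.168.7.0/24"),
]

# Hypothetical management network allowed to send directed broadcasts for
# host discovery (the OpenView case); any other source is refused.
MANAGEMENT_NET = ipaddress.IPv4Network("172.16.9.0/24")


def wildcard_match(addr, pattern, wildcard):
    """Cisco ACL wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (p & care)


def trailing_255_filter_drops(dst):
    """The proposed 'deny icmp any 0.0.0.255 255.255.255.0 echo-request':
    drops any echo-request whose last octet is 255, regardless of the real mask."""
    return wildcard_match(dst, "0.0.0.255", "255.255.255.0")


def is_directed_broadcast(dst, local_networks=LOCAL_NETWORKS):
    """The test 'no ip directed-broadcast' amounts to on the egress interface:
    is dst the broadcast address of a directly connected network?"""
    d = ipaddress.IPv4Address(dst)
    return any(d == net.broadcast_address for net in local_networks)


def is_valid_host(dst, local_networks=LOCAL_NETWORKS):
    """True when dst is a usable host address on one of the local networks."""
    d = ipaddress.IPv4Address(dst)
    return any(d in net and d not in (net.network_address, net.broadcast_address)
               for net in local_networks)


def compare_filters(dst, local_networks=LOCAL_NETWORKS):
    """Classify one destination under both approaches:
    'both-drop'      - a real /24 broadcast, caught either way
    'false-positive' - trailing-.255 drops a valid host address
    'false-negative' - a real broadcast the trailing-.255 filter lets through
    'both-pass'      - ordinary unicast"""
    naive = trailing_255_filter_drops(dst)
    real = is_directed_broadcast(dst, local_networks)
    if naive and real:
        return "both-drop"
    if naive:
        return "false-positive"
    if real:
        return "false-negative"
    return "both-pass"


def ingress_decision(src, dst, local_networks=LOCAL_NETWORKS, permitted=MANAGEMENT_NET):
    """Per-network rule in place of the global knob: directed broadcasts are
    permitted only from the management network and denied from everyone else;
    unicast is forwarded untouched."""
    if not is_directed_broadcast(dst, local_networks):
        return "forward"
    if ipaddress.IPv4Address(src) in permitted:
        return "permit-directed-broadcast"
    return "deny-directed-broadcast"


if __name__ == "__main__":
    # Constructed destinations, one per case
    for dst in ("192.168.7.255", "10.1.0.255", "10.2.5.255",
                "192.168.9.255", "10.3.0.127", "10.1.0.10"):
        print(f"{dst:15} host={is_valid_host(dst)!s:5} "
              f"bcast={is_directed_broadcast(dst)!s:5} {compare_filters(dst)}")
    for src in ("172.16.9.5", "203.0.113.7"):
        print(src, "->", "10.3.0.127:", ingress_decision(src, "10.3.0.127"))
```

Run stand-alone, it prints one line per destination: 10.1.0.255, 10.2.5.255 and 192.168.9.255 are valid hosts that the wildcard ACL would drop, while 10.3.0.127 is a real broadcast address it would never see; only the ordinary /24 case comes out the same under both filters. The ACL also only covers echo-requests, whereas the directed-broadcast check applies to every IP protocol.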