SMURF amplifier block list

Dean Anderson dean at av8.com
Sat Apr 18 19:31:48 UTC 1998


At 3:21 PM -0400 4/18/98, Alex P. Rudnev wrote:
>> During an in progress attack, you probably have to take extreme measures,
>Do you remember - it's not attack against you or attack by some of your
>customer's networks used as amplifier, but the attack initiated from your
>own network. You never note such a thing without some permanent
>measurement.
>
>It's why we saw this 100% helpless against the SMURF's.

But to protect your own network, all you need is the access rule I gave.
You know your own broadcast address and netmask, and can put in a rule to
block.

You just can't block the presumed broadcast address used by other people's
networks.

Logging attempted attacks which are blocked can't really be done with a
Cisco.  You need something to monitor the line coming in.

		--Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean at av8.com
           LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
           We Make IT Fly!                (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
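
Added example, not part of the original post and not the access rule the post refers to: a sketch of the two points above, namely that the addresses to filter follow directly from your own subnets and netmasks, and that a monitor on the inbound line can count what a filter would silently drop. The subnets, packet records and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the subnets configured on our own interfaces (documentation ranges).
LOCAL_SUBNETS = ["192.0.2.0/25", "192.0.2.128/26", "198.51.100.0/24"]

# Constructed packets seen on the inbound line: (src, dst, proto, icmp_type).
SAMPLE = [
    ("203.0.113.9", "192.0.2.127", "icmp", 8),     # broadcast of 192.0.2.0/25
    ("203.0.113.9", "192.0.2.191", "icmp", 8),     # broadcast of 192.0.2.128/26
    ("203.0.113.9", "198.51.100.255", "icmp", 8),  # broadcast of 198.51.100.0/24
    ("203.0.113.50", "192.0.2.10", "icmp", 8),     # ordinary ping to a host
    ("203.0.113.77", "192.0.2.255", "icmp", 8),    # presumed /24 broadcast, not ours
]

def broadcast_targets(subnets):
    """Map the network and broadcast address of each of our subnets to that subnet."""
    targets = {}
    for s in subnets:
        net = ipaddress.ip_network(s)
        targets[net.network_address] = net
        targets[net.broadcast_address] = net
    return targets

def is_local_broadcast(dst, targets):
    """True only for addresses that are broadcast under a netmask we actually use."""
    return ipaddress.ip_address(dst) in targets

def possible_masks(dst):
    """Prefix lengths under which an address would be a directed broadcast.
    For someone else's network the real netmask is unknown, so none of these
    can be confirmed from the outside."""
    addr = int(ipaddress.ip_address(dst))
    return [p for p in range(8, 31)
            if addr & ((1 << (32 - p)) - 1) == (1 << (32 - p)) - 1]

def count_broadcast_pings(packets, targets):
    """Per claimed source (likely spoofed): echo requests to our broadcast addresses."""
    hits = Counter()
    for src, dst, proto, icmp_type in packets:
        if proto == "icmp" and icmp_type == 8 and is_local_broadcast(dst, targets):
            hits[src] += 1
    return hits

if __name__ == "__main__":
    t = broadcast_targets(LOCAL_SUBNETS)
    for addr in sorted(t):
        print("filter destination", addr, "from", t[addr])
    print(dict(count_broadcast_pings(SAMPLE, t)))
    print("203.0.113.127 is broadcast only if prefix in", possible_masks("203.0.113.127"))
```
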




