Smurfing
Havard.Eidnes at runit.sintef.no
Havard.Eidnes at runit.sintef.no
Fri Feb 13 22:45:41 UTC 1998
Hi,
getting Smurfing "under control" takes two things:
o All router administrators on the immediately reachable
Internet needs to turn off directed broadcasts on their router
interfaces. It's conceivable that "a significant portion of
all" would do as well, but the magnitude of this problem
boggles the mind. First of all, we'd need to distribute the
appropriate amount of clue to all the corners of the net where
this needs to happen. Maybe, just maybe, we'll get there
sometime (I'm an optimist!).
o Making sure source IP address spoofing isn't as easily done as
it is now. Also an easy one, right? ;-)
Anyone have any idea where most of the attacks originate:
dial-up ports or from folks more directly connected to the
net? (I'd bet on a happy mix ;-)
Equipment providers can offer some help here in offering an
effective and efficient knob which can do the equivalent of
"RPF"ing on unicast traffic (if you don't have a route back to
the source and the route doesn't point to the incoming
interface for the packet, drop it on the floor). Obviously,
this assumes symmetric traffic patterns, which are typical at
the edges of the network but not quite so typical in our/your
modern backbone networks.
o While we struggle with the above two, at least some service
providers need to become more responsive in tracking these
sort of events back to their real source. No names mentioned,
none forgotten.
o Lastly, I think that better tools are needed to track this
sort of attacks back to their source (?).
I'm not saying these battles should not be fought; far from it,
but it's probably going to take a while before any of these can
have any significant effect on the problem.
- Håvard
More information about the NANOG
mailing list