Smurfing
Steve Hultquist
ssh at HSAnet.net
Fri Feb 13 23:07:02 UTC 1998
Havard,
--On Friday, February 13, 1998, 11:45 PM +0100 Havard.Eidnes at runit.sintef.no
wrote:
> getting Smurfing "under control" takes two things:
>
> o All router administrators on the immediately reachable
> Internet needs to turn off directed broadcasts on their router
> interfaces.
> o Making sure source IP address spoofing isn't as easily done as
> it is now. Also an easy one, right? ;-)
I agree, and this is what we have done. The earlier post (from someone else)
was asking about how to filter *outbound* directed broadcasts, and I didn't
understand how this could be done. A number of my NANOG colleagues have
adamantly agreed that it can't!
> o While we struggle with the above two, at least some service
> providers need to become more responsive in tracking these
> sort of events back to their real source. No names mentioned,
> none forgotten.
Agreed. Would it make sense to come up with a cooperative mechanism for this
similar to CERT only faster?
> o Lastly, I think that better tools are needed to track this
> sort of attacks back to their source (?).
That would be very difficult, effectively requiring the ability to query
routers and ask if they are seeing packets bound for a specific address. I'd
love to see some tools that would help us do that, however!
--
Steve Hultquist, Chief Technology Officer HSAnet
providing high-speed Internet access Boulder, Colorado
mailto:ssh at HSAnet.net +1.303.581.0800 http://www.HSAnet.net/
More information about the NANOG
mailing list