More smurf fun
Alex P. Rudnev
alex at Relcom.EU.net
Tue Mar 10 14:40:06 UTC 1998
Why should not you filter out all packets destinated to this very
broadcast address somewhere on the border router? By their DST address,
not as _direct broadcast_ packets?
On Mon, 9 Mar 1998, Jeffrey Haas wrote:
> Date: Mon, 9 Mar 1998 14:58:30 -0500 (EST)
> From: Jeffrey Haas <elezar at pfrc.org>
> To: nanog at merit.edu
> Subject: Re: More smurf fun
>
> Dave Rand was known to have said:
> > Here's the latest group of smurf-able networks.
> [...]
> > Some of the phone calls were interesting. Many of the NOC staff did not
> > know what a smurf attack was (so I explained it to them). Many did not want
> > to set no ip directed-broadcast because they didn't know what it would do.
> [...]
> > 148.59.0.0
>
> A quick note:
>
> If you find yourself having problems from this netblock, please contact
> either jmh at msen.com (me) or noc at msen.com.
>
> We currently cannot disable directed broadcast due to a NASTY bug
> in the packet forwarding code of the Proteon routers we use on our
> backbone. We are working with Proteon to solve this issue.
>
> (I'm also trying to figure out if the issue is worth posting to Bugtraq.)
>
> In the meanwhile, we have implemented blackhole routing for the subnets
> that seemed to be at issue.
>
> > Dave Rand
>
> --
> Jeffrey Haas "He that breaks a thing to find out what it is has
> elezar at pfrc.org left the paths of wisdom." (Or works for Fermilab...)
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
More information about the NANOG
mailing list