More smurf fun

Alex P. Rudnev alex at Relcom.EU.net
Tue Mar 10 14:40:06 UTC 1998


Why shouldn't you filter out all packets destined to this very 
broadcast address somewhere on the border router? By their DST address, 
not as _direct broadcast_ packets?


On Mon, 9 Mar 1998, Jeffrey Haas wrote:

> Date: Mon, 9 Mar 1998 14:58:30 -0500 (EST)
> From: Jeffrey Haas <elezar at pfrc.org>
> To: nanog at merit.edu
> Subject: Re: More smurf fun
> 
> Dave Rand was known to have said:
> > Here's the latest group of smurf-able networks.
> [...]
> > Some of the phone calls were interesting.  Many of the NOC staff did not
> > know what a smurf attack was (so I explained it to them).  Many did not want
> > to set no ip directed-broadcast because they didn't know what it would do.
> [...]
> > 148.59.0.0
> 
> A quick note:
> 
> If you find yourself having problems from this netblock, please contact
> either jmh at msen.com (me) or noc at msen.com.
> 
> We currently cannot disable directed broadcast due to a NASTY bug
> in the packet forwarding code of the Proteon routers we use on our
> backbone.  We are working with Proteon to solve this issue.
> 
> (I'm also trying to figure out if the issue is worth posting to Bugtraq.)
> 
> In the meanwhile, we have implemented blackhole routing for the subnets
> that seemed to be at issue.
> 
> > Dave Rand
> 
> -- 
>  Jeffrey Haas   "He that breaks a thing to find out what it is has
> elezar at pfrc.org  left the paths of wisdom." (Or works for Fermilab...)
> 

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
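
The destination-address filtering suggested in the message above, as an added example that is not part of the original thread: it derives the broadcast destinations from a subnet inventory and renders border-router deny rules. The subnet list, the ACL number 110 and the use of Cisco IOS extended ACL syntax are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory of internal subnets (documentation ranges, not from the thread).
# The border router cannot infer internal masks, so every subnet must be listed.
INTERNAL_SUBNETS = [
    "192.0.2.0/25",
    "192.0.2.128/26",
    "198.51.100.0/24",
    "203.0.113.8/31",   # point-to-point link: no broadcast address
]


def broadcast_targets(subnets):
    """Return the sorted destination addresses that act as subnet broadcasts."""
    targets = set()
    for cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4 or net.prefixlen >= 31:
            continue  # /31 and /32 have no broadcast address to filter
        targets.add(net.broadcast_address)  # all-ones host part
        targets.add(net.network_address)    # all-zeros form, honoured by some old stacks
    return sorted(targets)


def should_drop(dst, targets):
    """True if a packet with destination `dst` matches a filtered broadcast address."""
    return ipaddress.ip_address(dst) in set(targets)


def render_acl(targets, acl_number=110):
    """Render deny-by-destination entries (assumed Cisco IOS extended ACL syntax)."""
    lines = [f"access-list {acl_number} deny ip any host {t}" for t in targets]
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    for line in render_acl(broadcast_targets(INTERNAL_SUBNETS)):
        print(line)
```

Filtering by destination only covers the subnets in the inventory: 192.0.2.255 is not dropped here because no listed subnet has it as its broadcast address.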



