Solution: Re: Huge smurf attack

Phil Howard phil at whistler.intur.net
Tue Jan 12 01:54:04 UTC 1999


Jon Lewis wrote:

> This might not be allowed under existing service contracts.  Most
> providers probably have provisions to disconnect for network abuse...but
> not for cluelessness.

Then we need to re-classify having an open broadcast amplifier as an
abuse.  If we can get upstreams and backbones to give a formal 30 day
notice, then start cutting lines ...

OTOH, what about just declaring that X.X.X.{0,255} is off limits
regardless of the network size?  It would take just 2 access list
entries to make those addresses in networks larger than /24
mostly useless.  There aren't that many LANs out there that would
have real non-broadcast use on these addresses, anyway.  I block
these coming in to my network as destinations, and I'm tempted to
block them as sources, as well.  Once these addresses are indeed
off limits, then the next step is to get backbones to put in the
access lists.

-- 
 --    *-----------------------------*      Phil Howard KA9WGN       *    --
  --   | Inturnet, Inc.              | Director of Internet Services |   --
   --  | Business Internet Solutions |       eng at intur.net        |  --
    -- *-----------------------------*      philh at intur.net       * --
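
An added example, not part of the original message: a Python check of which addresses the two access-list entries described above would match, compared with a prefix's real network and broadcast addresses. The wildcard-mask form of the entries, the function names and the sample prefixes (10.1.0.0/22 and 192.0.2.0/24) are assumptions made for illustration.

```python
import ipaddress

# The two entries from the post, written as (address, wildcard) pairs.
# Assumption: Cisco-style wildcard masks, where a 1 bit means "don't care".
ACL = [("0.0.0.0", "255.255.255.0"),    # any address ending in .0
       ("0.0.0.255", "255.255.255.0")]  # any address ending in .255

def acl_denies(dst, acl=ACL):
    """True if destination address dst matches one of the deny entries."""
    d = int(ipaddress.IPv4Address(str(dst)))
    for addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if d & care == int(ipaddress.IPv4Address(addr)) & care:
            return True
    return False

def audit(network, subnet_prefix=None):
    """Compare the filter with the real network/broadcast addresses.

    Returns (blocked_hosts, missed):
      blocked_hosts: ordinary host addresses the filter makes unreachable
      missed:        network/broadcast addresses the filter lets through
    """
    net = ipaddress.ip_network(network)
    subnets = list(net.subnets(new_prefix=subnet_prefix)) if subnet_prefix else [net]
    special = set()
    for s in subnets:
        special.update((s.network_address, s.broadcast_address))
    blocked_hosts = [str(a) for a in net if acl_denies(a) and a not in special]
    missed = [str(a) for a in sorted(special) if not acl_denies(a)]
    return blocked_hosts, missed

if __name__ == "__main__":
    # Constructed sample prefixes, not taken from the thread.
    for prefix, sub in (("10.1.0.0/22", None), ("192.0.2.0/24", 26)):
        hosts, missed = audit(prefix, sub)
        print(prefix, "subnetted to /%s" % sub if sub else "unsubnetted")
        print("  host addresses lost to the filter:", hosts)
        print("  network/broadcast addresses not covered:", missed)
```

For the /22 the filter covers both real network and broadcast addresses at the cost of six host addresses; for a /24 split into /26 subnets it leaves the six interior network and broadcast addresses unfiltered.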


