Solution: Re: Huge smurf attack

Phil Howard phil at
Tue Jan 12 01:54:04 UTC 1999

Jon Lewis wrote:

> This might not be allowed under existing service contracts.  Most
> providers probably have provisions to disconnect for network abuse...but
> not for cluelessness.

Then we need to re-classify having an open broadcast amplifier as an
abuse.  If we can get upstreams and backbones to give a formal 30 day
notice, then start cutting lines ...

OTOH, what about just declaring that X.X.X.{0,255} is off limits
regardless of the network size?  It would take just 2 access list
entries to make those addresses in networks larger than /24 to be
mostly useless.  There aren't that many LANs out there that would
have real non-broadcast use on these addresses, anyway.  I block
these coming in to my network as destinations, and I'm tempted to
block them as sources, as well.  Once these addresses are indeed
off limits, then the next step is to get backbones to put in the
access lists.

 --    *-----------------------------*      Phil Howard KA9WGN       *    --
  --   | Inturnet, Inc.              | Director of Internet Services |   --
   --  | Business Internet Solutions |       eng at        |  --
    -- *-----------------------------*      philh at       * --

More information about the NANOG mailing list