Solution: Re: Huge smurf attack

Steve Gibbard scg at
Tue Jan 12 15:46:03 UTC 1999

Speaking as an ISP with lots of small business customers who don't know
what a smurf attack is, much less why they should want to prevent them,
I've found that the easiest solution to this in dealing with customers
whose routers we don't manage is to stick in a filter on our router
upstream from them, blocking any smurfable broadcast addresses.  Most of
our customers have just one or two subnets, so that's pretty easy, but it
wouldn't scale all that well to customers with larger, more complex
networks, especially if they're changing their network configuration
somewhat frequently.  In that case, though, there's usually somebody there
who I can at least attempt to explain why open broadcast addresses are a
problem to.


On Mon, 11 Jan 1999, Jon Lewis wrote:

> On Mon, 11 Jan 1999, Dan Hollis wrote:
> > due to unresponsive staff or bad ARIN contact info... but getting their
> > upstream to pull their connection out of the wall gets their 100% 
> > attention REAL quick. Response time goes from weeks to minutes.
> This might not be allowed under existing service contracts.  Most
> providers probably have provisions to disconnect for network abuse...but
> not for cluelessness.
> ----don't waste your cpu, crack team enzo---
>  Jon Lewis <jlewis at>  |  Spammers will be winnuked or 
>  Network Administrator       |  nestea'd...whatever it takes
>  Florida Digital Turnpike    |  to get the job done.
> ______ for PGP public key________

Steve Gibbard
WWNet System Administration
+1 734 513-7707 x 2009
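Added example, not part of the original message: a small generator for the kind of upstream filter described above, which computes the directed-broadcast address of each customer subnet and emits one deny line per address. The Cisco IOS-style `access-list` output, ACL number 110, the documentation-range subnets, and the choice to also block the all-zeros network address (which some older IP stacks treat as a broadcast) are assumptions for illustration.

```python
import ipaddress


def smurf_targets(subnets, include_network_addr=True):
    """Return sorted, de-duplicated addresses to block for the given IPv4 subnets.

    Raises ValueError if an entry has host bits set (e.g. 192.0.2.1/24), since a
    mistyped subnet would produce a filter for the wrong address.
    """
    targets = set()
    for entry in subnets:
        net = ipaddress.ip_network(entry, strict=True)
        if net.version != 4 or net.prefixlen >= 31:
            continue  # /31 and /32 have no directed-broadcast address
        targets.add(net.broadcast_address)
        if include_network_addr:
            # Assumption: also block the all-zeros host address.
            targets.add(net.network_address)
    return [str(addr) for addr in sorted(targets)]


def acl_lines(subnets, acl_number=110, include_network_addr=True):
    """Build IOS-style extended ACL lines (assumed syntax) for the upstream router."""
    lines = [
        f"access-list {acl_number} deny ip any host {addr}"
        for addr in smurf_targets(subnets, include_network_addr)
    ]
    # Everything else toward the customer is still forwarded.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    # Constructed sample: one customer that split a /24 into two /25s, plus a
    # point-to-point /31 link that needs no entry.
    customer = ["192.0.2.0/25", "192.0.2.128/25", "203.0.113.4/31"]
    print("\n".join(acl_lines(customer)))
```

The two /25s show why the filter has to follow the customer's real subnetting: 192.0.2.127 is a broadcast address here but would be an ordinary host in an unsplit /24, which is the maintenance burden the message points to for customers who renumber often.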
