Solution: Re: Huge smurf attack
Craig A. Huegen
chuegen at quadrunner.com
Tue Jan 12 19:01:04 UTC 1999
On Tue, Jan 12, 1999 at 01:11:09PM -0500, Steve Gibbard wrote:
==>On Tue, 12 Jan 1999 danderson at lycos.com wrote:
==>
==>> I'm not sure what the big issue here is with the smurf attacks. If you set
==>> up some kind of access list that disables incoming icmp traffic, then turn
==>
==>That breaks path MTU discovery (see RFC 1435 for more info on that), among
==>other things.
Two choices:
access-list 101 deny icmp any any echo
access-list 101 deny icmp any any echo-reply
access-list 101 permit icmp any any
-or-
access-list 101 permit icmp any any packet-too-big
access-list 101 deny icmp any any
Neither of these is a particularly elegant solution because
they block troubleshooting tools such as ping and traceroute.
CAR works well to provide these troubleshooting services
during normal operations and to help suppress attacks.
/cah
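
The CAR approach mentioned above, sketched as a Cisco IOS configuration. This is an added example, not part of the original message; the interface name, the ACL number 102, and the rate and burst values are assumptions chosen for illustration.

```cisco
! Added example. Interface name, ACL number and rate values are assumptions.
! CAR relies on CEF switching being enabled.
ip cef
!
! Classify only the two ICMP types that make up a smurf flood.
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
!
interface Serial0
 ! Forward up to 256 kbps of echo/echo-reply (8000-byte normal and
 ! maximum burst) and drop the excess. Traffic not matched by ACL 102,
 ! including ICMP packet-too-big, is forwarded without rate limiting,
 ! so path MTU discovery keeps working.
 rate-limit input access-group 102 256000 8000 8000 conform-action transmit exceed-action drop
!
! Check the conformed and exceeded counters in normal operation and under load:
!   show interfaces Serial0 rate-limit
```

Applied inbound at the victim's own edge, this protects the router and the hosts behind it but not the upstream link itself; the same policy applied outbound on the provider side of that link is what keeps the flood off the circuit.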