Solution: Re: Huge smurf attack

Craig A. Huegen chuegen at quadrunner.com
Tue Jan 12 19:01:04 UTC 1999


On Tue, Jan 12, 1999 at 01:11:09PM -0500, Steve Gibbard wrote:
==>On Tue, 12 Jan 1999 danderson at lycos.com wrote:
==>
==>> I'm not sure what the big issue here is with the smurf attacks. If you set
==>> up some kind of access list that disables incoming icmp traffic, then turn
==>
==>That breaks path MTU discovery (see RFC 1435 for more info on that), among
==>other things.

Two choices:

access-list 101 deny icmp any any echo
access-list 101 deny icmp any any echo-reply
access-list 101 permit icmp any any

-or-

access-list 101 permit icmp any any packet-too-big
access-list 101 deny icmp any any

Neither of these is a particularly elegant solution because
they block troubleshooting tools such as ping and traceroute.

CAR works well to provide these troubleshooting services
during normal operations and to help suppress attacks.

/cah




More information about the NANOG mailing list