source filtering

Dalvenjah FoxFire dalvenjah at DAL.NET
Tue Jan 12 19:07:03 UTC 1999

On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox:
> Is UDP smurf much in evidence? (send a UDP packet to the broadcast address
> on the echo server port and you'll either get ICMP port unreachables
> back or UDP echos). The reason I ask is that edge ICMP rate
> limiting won't help UDP.

Supposedly UDP smurf (fraggle) is becoming more popular. I haven't
seen it myself.

The only type of UDP attack I've seen has been where a user breaks
into machine on high bandwidth, fails to get root, and runs a program
that sends large amounts of huge UDP packets to a destination host.
This makes tracing the problem loads easier, and your upstream can
block out the single host.


 Dalvenjah FoxFire (aka Sven Nielsen)  The name's Bean....Mr. Bean.
 Founder, the DALnet IRC Network       
 e-mail: dalvenjah at             WWW:
 whois: SN90                           Try DALnet!

More information about the NANOG mailing list