source filtering
Dalvenjah FoxFire
dalvenjah at DAL.NET
Tue Jan 12 19:07:03 UTC 1999
On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox:
>
> Is UDP smurf much in evidence? (send a UDP packet to the broadcast address
> on the echo server port and you'll either get ICMP port unreachables
> back or UDP echos). The reason I ask is that edge ICMP rate
> limiting won't help UDP.
Supposedly UDP smurf (fraggle) is becoming more popular. I haven't
seen it myself.
The only type of UDP attack I've seen has been where a user breaks
into machine on high bandwidth, fails to get root, and runs a program
that sends large amounts of huge UDP packets to a destination host.
This makes tracing the problem loads easier, and your upstream can
block out the single host.
-dalvenjah
--
Dalvenjah FoxFire (aka Sven Nielsen) The name's Bean....Mr. Bean.
Founder, the DALnet IRC Network
e-mail: dalvenjah at dal.net WWW: http://www.dal.net/~dalvenjah/
whois: SN90 Try DALnet! http://www.dal.net/
More information about the NANOG
mailing list