Solution: Re: Huge smurf attack

Daniel Senie dts at senie.com
Thu Jan 14 01:37:28 UTC 1999


Brett Frankenberger wrote:
> 
> :: Brandon Ross writes ::
> >
> > Doing something like this, similar to the several suggestions to
> > filter all .0 and .255 addresses, is an attempt to fix the symptom
> > instead of the real problem.
> 
> So is forcing vendors to make the equivalent of "no ip
> directed-broadcast" the default.  The problem is that dolts configure
> routers.  The symptom is "ip directed-broadcast" is configured (or not
> unconfigured) where it shouldn't be.

Actually, several vendors came to the conclusion they should change the
default on their own...

But, as customers of the router and networking equipment vendors, the
choice IS ultimately yours. If you have specific needs, then ask for
them. If you feel that routers which can filter RFC1918 addresses at
your peering points, at wire speed without croaking, are important to you
and your neighbor ISPs, then ask for it. Such things CAN be built, if
someone expresses a desire to buy.

> 
> (For the record, I agree with you on blocking ICMPs and blocking
> .0/.255 ... both are bad ideas.  But so is forcing vendors to violate
> the router requirements RFC.  If we (the internet community) want
> directed broadcasts to be dropped by default, we should get off our
> collective duffs and change the RFC.)

On the subject of changing the RFC, I had been thinking about submitting
a draft on this subject for a while, and did submit one yesterday. See
<draft-senie-directed-broadcast-00.txt> on your favorite document mirror
site. I guess that qualifies as getting off my duff. Please read the
document and send me comments.

Dan

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts at senie.com
Amaranth Networks Inc.            http://www.amaranthnetworks.com


