[11472] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Wed Jul 30 15:57:42 1997
Date: Wed, 30 Jul 1997 15:23:27 -0400
From: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
To: "Alex.Bligh" <amb@xara.net>
Cc: cisco-nsp@cic.net, nanog@merit.edu
In-Reply-To: <199707301856.TAA21579@diamond.xara.net>; from "Alex.Bligh" <amb@xara.net> on Wed, Jul 30, 1997 at 07:56:11PM +0100
On Wed, Jul 30, 1997 at 07:56:11PM +0100, Alex.Bligh wrote:
> Urm, 192.41.177.255 is the MAE-East LAN ?! Are you saying attacks are
> being mounted from here or people are attacking this LAN (not
> sure which is more worrying)
What he's saying is that someone is mounting broadcast ping flooding
attacks with forged source addresses which make them appear to be
coming from MAE-East, among other places.
He correctly notes that this _must_ be fixed at the boundary routers.
Network operators: _please_ make sure your boundary routers do not
allow you to send packets upstream which have source addresses on them
which are not on your networks. Filters are your friend. A source
address of 127.anything is pretty uncool, too, as are broadcast
addresses... although those can be harder to figure out nowadays.
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "People propose, science studies, technology
Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
