[14188] in North American Network Operators' Group
Re: smurf
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Mon Dec 8 11:54:12 1997
Date: Tue, 9 Dec 1997 03:43:23 +1100 (EST)
From: Adrian Chadd <adrian@ourworld.net>
To: Wayne Bouchard <web@typo.org>
cc: nanog@merit.edu
In-Reply-To: <199712060505.WAA19824@typo.org>
On Fri, 5 Dec 1997, Wayne Bouchard wrote:
[snip]
> threaten the most disruption of internet services. With ISDN and
> DSL, users have the bandwidth necessary to generate even more
> dangerous levels of traffic. If you don't think this issue affects
> you, it does. If you're not a target, your probably being used
> as a source.
I agree totally.
A couple of problems:
* Filtering ALL ICMP is pretty silly, ICMP is there for more than just
pings, and some of it is important.
* If people start doing this, someone with a smidgen of time on their
hands will write a ping flooder that uses random TCP or UDP packets
with spoofed from addresses.
I'm curious however - can anyone out there running netflow or something
similar give me a breakdown on what kind of ICMP traffic they're seeing?
Adrian
