[14202] in North American Network Operators' Group
Re: smurf
daemon@ATHENA.MIT.EDU (Leigh Porter)
Mon Dec 8 18:27:07 1997
Date: Mon, 08 Dec 1997 22:20:11 +0000
From: Leigh Porter <leigh@wisper.net>
To: Mike Hedlund <mike@isi.net>
CC: nanog@merit.edu
Mike Hedlund wrote:
>
[snip]
> Well.. the main problem with smurf is that as far as i know, it uses the
> reply from a broadcast. that will rule out tcp unless they send a direct
> flow from the attackers box to the destination/victims box. For UDP,
> you would have to send it to a broadcast, and also hope there is a udp
> service listening (ie.. a test program i wrote sent 1 udp broadcast to
> 198.32.136.255:7 and received a whole bunch of replies.. turn off small
> services on routers would be helpfull.. :)). You could also do that to
> any network, the point being.. its easier to disable simple udp services
> then to setup filters on border routers..
>
> -mike
I guess that depends upon how many border routers you have :)
It would also help to filter outgoing traffic from your network to
ensure
you do not become the unwitting source of a smurf attack..
--
Leigh Porter
