[15332] in North American Network Operators' Group
Re: Smurfing
daemon@ATHENA.MIT.EDU (Eric Osborne)
Fri Feb 13 15:03:25 1998
From: Eric Osborne <osborne@notcom.com>
To: spork@inch.com (Charles Sprickman)
Date: Fri, 13 Feb 1998 14:41:13 -0500 (EST)
Cc: alex@nac.net, nanog@merit.edu
In-Reply-To: <Pine.BSF.3.96.980213141816.15428E-100000@shell.inch.com> from "Charles Sprickman" at Feb 13, 98 02:26:40 pm
> Perhaps some of the folks on NANOG that use equipment other than Cisco
> would like to share how they "configure their router for that"? It would
> be a nice service to everyone...
>
> Charles
>
>
Your router packet-filters, right? I don't know the Bay config syntax, but
a poor-man's version of "no ip directed-broadcast" is to disallow ICMP
(or IP, if you have to do it that way) to the broadcast addresses on your
network.
Yeah, it's not perfect. Yeah, there are some problems with it. Yeah, it
won't work terribly well if you break up CIDR blocks and hand them to customers
who break them up and hand them to customers who break them up.... but it
will work. Especially if you apply it as close to the customer side of
things as possible.
eric
