[15344] in North American Network Operators' Group


Re: Smurfing

daemon@ATHENA.MIT.EDU (Eric Osborne)
Fri Feb 13 17:40:36 1998

From: Eric Osborne <osborne@notcom.com>
To: ssh@HSAnet.net (Steve Hultquist)
Date: Fri, 13 Feb 1998 17:06:09 -0500 (EST)
Cc: nanog@merit.edu
In-Reply-To: <2614338424.887377601@loveland.wwsi.com> from "Steve Hultquist" at Feb 13, 98 01:46:41 pm

This actually came up a few weeks ago - there's no way to filter outbound
ICMP for "broadcast addresses", because what defines a broadcast address 
depends on the subnetting at the receiving end.  For example, 10.1.1.119 
may be a host on 10.1.1.0/24, or a broadcast on 10.1.1.112/29.
"no ip directed-broadcast" drops all IP destined for the broadcast address
_on an interface_, AFAIK.
eric

> 
> Don't these answers answer a different question? Isn't the question how to
> filter *outbound* attacks, not inbound ones? Filtering the inbound ones is
> pretty easy on a Bay or anything with filters (drop packets bound for the
> broadcast addresses). Filtering outbound is another story, especially with
> CIDR. I would like to set up my routers to make sure I'm protecting as much
> of the 'net as possible from attempts by my customers to do evil. However,
> it's not clear to me how to do that. Does "no ip directed-broadcast" somehow
> filter the *outbound* attacks or just the inbound ones?
> --
> Steve Hultquist, Chief Technology Officer                       HSAnet
> providing high-speed Internet access                 Boulder, Colorado
> mailto:ssh@HSAnet.net     +1.303.581.0800       http://www.HSAnet.net/
> 
> 
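The point Eric makes above, that a sender cannot tell whether a destination is a broadcast address without knowing the receiver's subnet mask, is easy to check by computation. The following is an added example, not code from the thread or from any vendor; it uses Python's standard `ipaddress` module and the thread's own 10.1.1.119 address. It enumerates the prefix lengths for which a given address is a subnet broadcast, counts how much of a /24 an egress filter would have to block if it guessed, and models the receiving-end behaviour of `no ip directed-broadcast` (the function names and the "drop/broadcast/deliver/route" outcomes are this example's own simplification of the router).

```python
import ipaddress


def broadcast_subnets(addr, min_prefix=8, max_prefix=30):
    """Return every prefix length in [min_prefix, max_prefix] for which
    `addr` is the subnet broadcast address. Empty list means that, for
    classless subnetting in that range, the address can only be a host."""
    ip = ipaddress.IPv4Address(addr)
    hits = []
    for plen in range(min_prefix, max_prefix + 1):
        # strict=False lets us derive the enclosing network from a host address
        net = ipaddress.IPv4Network(f"{ip}/{plen}", strict=False)
        if ip == net.broadcast_address:
            hits.append(plen)
    return hits


def ambiguous_count(network, min_prefix=8, max_prefix=30):
    """Count the addresses in `network` that are a broadcast address for at
    least one plausible prefix length. This is the set an egress filter
    would have to drop if it tried to block 'all broadcast addresses'
    without knowing the remote subnetting."""
    net = ipaddress.IPv4Network(network)
    return sum(1 for a in net if broadcast_subnets(a, min_prefix, max_prefix))


def receiver_action(iface_cidr, dst, directed_broadcast=False):
    """Simplified model of the receiving router's LAN interface.

    iface_cidr: the interface's own address and mask, e.g. '10.1.1.113/29'
    dst: destination of an arriving packet
    directed_broadcast: True models 'ip directed-broadcast', False models
                        'no ip directed-broadcast' (the defensive setting)

    Returns one of:
      'route'     - destination is not on this interface's subnet
      'deliver'   - ordinary unicast host on the subnet
      'broadcast' - subnet broadcast, forwarded as a link-layer broadcast
      'drop'      - subnet broadcast, discarded by no ip directed-broadcast
    """
    iface = ipaddress.IPv4Interface(iface_cidr)
    dst_ip = ipaddress.IPv4Address(dst)
    if dst_ip not in iface.network:
        return "route"
    if dst_ip == iface.network.broadcast_address:
        return "broadcast" if directed_broadcast else "drop"
    return "deliver"


if __name__ == "__main__":
    # Eric's example: host on a /24, broadcast on 10.1.1.112/29
    print("10.1.1.119 is a broadcast for prefix lengths:",
          broadcast_subnets("10.1.1.119"))
    print("addresses in 10.1.1.0/24 an egress guess would have to block:",
          ambiguous_count("10.1.1.0/24"))
    # Same packet, two receivers with different masks
    print("receiver on 10.1.1.113/29:",
          receiver_action("10.1.1.113/29", "10.1.1.119"))
    print("receiver on 10.1.1.1/24:  ",
          receiver_action("10.1.1.1/24", "10.1.1.119"))
```

Running it shows why the egress approach fails: 10.1.1.119 is a broadcast for /29 and /30 but a plain host for /24, and 64 of the 256 addresses in a /24 (every one whose low two bits are set) are a broadcast for some prefix, so an egress filter that guessed would discard a quarter of all unicast traffic. The receiver-side model shows what `no ip directed-broadcast` actually does: the interface that owns the subnet knows its own mask, so it can recognise its broadcast address and refuse to turn the packet into a link-layer broadcast, which is the amplification step the attack depends on.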

