[15369] in North American Network Operators' Group


Re: Smurfing

daemon@ATHENA.MIT.EDU (Kevin Houle)
Mon Feb 16 00:47:49 1998

Date: Fri, 13 Feb 1998 16:13:49 -0600 (CST)
From: Kevin Houle <kevin@netins.net>
To: nanog@merit.edu
In-Reply-To: <Pine.QUAD.3.96.980213114834.10297A-100000@quad.quadrunner.com>

On Fri, 13 Feb 1998 11:51:29 -0800 (PST)
"Craig A. Huegen" <chuegen@quadrunner.com> wrote:

> http://www.quadrunner.com/~chuegen/smurf.txt
> 
> With Bay Networks, you must set a false static ARP for the broadcast
> address and then it will not send directed broadcasts.  A Bay SE tells me
> that an option to disable directed broadcasts is being implemented and
> will be in a major release expected around April.

To take the false static ARP concept a little further, I've
been advised to use a fake adjacent host entry to accomplish
this. A Bay SE sent this to me today:

"In order to protect a directly connected network from being a 
smurf launch point, you can configure an Adjacent Host for the 
broadcast address (if the network is a /24 then the broadcast 
addresses would be x.x.x.0 and x.x.x.255) with a bogus MAC address. 
This will cause the smurf traffic to be sent to that bogus MAC 
address which results in NO ONE replying to the smurf."

We originally were advised to use a blackhole static route,
but that does not take precedence over a directly connected
route in the route table.

Kevin
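
Added example, not part of the original message or of any Bay Networks tooling: a short Python audit that lists, for each directly connected network, the two broadcast-form addresses (all-zeros and all-ones host part) that would need a bogus-MAC entry, and reports any that are missing. It generalizes the /24 case quoted above to other prefix lengths; the prefixes and the list of already configured entries are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

def directed_broadcasts(prefix):
    """Return the all-zeros and all-ones host addresses of a connected IPv4 network."""
    # strict=False lets an interface address such as 10.1.2.77/24 be passed in.
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 4 or net.prefixlen >= 31:
        return []  # /31 and /32 links have no broadcast address to protect
    return [net.network_address, net.broadcast_address]

def unpinned(connected, pinned):
    """Map each connected prefix to the broadcast addresses lacking a bogus-MAC entry."""
    have = {ipaddress.ip_address(a) for a in pinned}
    gaps = {}
    for prefix in connected:
        missing = [str(a) for a in directed_broadcasts(prefix) if a not in have]
        if missing:
            gaps[prefix] = missing
    return gaps

# Constructed sample data using documentation address ranges.
CONNECTED = ["192.0.2.0/24", "198.51.100.64/26", "203.0.113.8/30", "203.0.113.0/31"]
# Addresses that already have a bogus-MAC adjacent host / static ARP entry (assumed input).
PINNED = ["192.0.2.0", "192.0.2.255", "198.51.100.127"]

if __name__ == "__main__":
    for prefix, missing in unpinned(CONNECTED, PINNED).items():
        print(prefix, "missing:", ", ".join(missing))
```

On subnets other than /24 the addresses to cover do not end in .0 or .255, which is the case most easily missed when entries are added by hand.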


