[15370] in North American Network Operators' Group
Re: Smurfing
daemon@ATHENA.MIT.EDU (Steve Hultquist)
Mon Feb 16 00:50:21 1998
Date: Fri, 13 Feb 1998 16:07:02 -0700
From: "Steve Hultquist" <ssh@HSAnet.net>
To: nanog@merit.edu
X-Licensed-To: Unlicensed - for evaluation only
Havard,
--On Friday, February 13, 1998, 11:45 PM +0100 Havard.Eidnes@runit.sintef.no
wrote:
> getting Smurfing "under control" takes two things:
>
> o All router administrators on the immediately reachable
> Internet needs to turn off directed broadcasts on their router
> interfaces.
> o Making sure source IP address spoofing isn't as easily done as
> it is now. Also an easy one, right? ;-)
I agree, and this is what we have done. The earlier post (from someone else)
was asking about how to filter *outbound* directed broadcasts, and I didn't
understand how this could be done. A number of my NANOG colleagues have
adamantly agreed that it can't!
> o While we struggle with the above two, at least some service
> providers need to become more responsive in tracking these
> sort of events back to their real source. No names mentioned,
> none forgotten.
Agreed. Would it make sense to come up with a cooperative mechanism for this
similar to CERT only faster?
> o Lastly, I think that better tools are needed to track this
> sort of attacks back to their source (?).
That would be very difficult, effectively requiring the ability to query
routers and ask if they are seeing packets bound for a specific address. I'd
love to see some tools that would help us do that, however!
--
Steve Hultquist, Chief Technology Officer HSAnet
providing high-speed Internet access Boulder, Colorado
mailto:ssh@HSAnet.net +1.303.581.0800 http://www.HSAnet.net/
