[15389] in North American Network Operators' Group
Re: Smurfing
daemon@ATHENA.MIT.EDU (Phillip Vandry)
Mon Feb 16 13:42:32 1998
Date: Mon, 16 Feb 1998 13:29:34 -0500 (EST)
From: Phillip Vandry <vandry@Mlink.NET>
To: Kevin Houle <kevin@netins.net>
cc: nanog@merit.edu
In-reply-to: Your message of "Fri, 13 Feb 1998 16:13:49 EST."
<199802132213.QAA29414@ins2.netins.net>
> The take the false static ARP concept a little further, I've
> been advised to use a fake adjacent host entry to accomplish
> this. A Bay SE sent this to me today :
>
> "In order to protect a directly connected network from being a
> smurf launch point, you can configure an Adjacent Host for the
> broadcast address (if the network is a /24 than the broadcast
> addresses would be x.x.x.0 and x.x.x.255) with a bogus MAC address.
> This will cause the smurf traffic to be sent to that bogus MAC
> address which result in NO ONE replying to the smurf."
Doesn't the broadcast address for which the false entry is being made to
break completely? (i.e. not just for the directed broadcast case)
If so, guess that's not OK if the router needs to send broadcast
packets on the LAN, as when it is running RIPv1!
-Phil
