[15689] in North American Network Operators' Group


Re: UDP broadcast filters.

daemon@ATHENA.MIT.EDU (Joe Provo - Network Architect)
Mon Mar 16 14:01:32 1998

Date: Mon, 16 Mar 1998 13:53:38 -0500 (EST)
From: Joe Provo - Network Architect <jprovo@ma.ultranet.com>
To: jlixfeld@idirect.ca, nanog@merit.edu


> I've kept hearing about a UDP smurf floating around and I'd like to put up
[snip]

This is nothing new, except that code for those that just want toys to
break other people's networks has been put out on bugtraq (fraggle.c).

Shut off udp services you don't need.  Re-read the last bit; in
general, if you don't need to be running something, you're inviting
it to be abused.  Pare down to what you need.

Anyway, use "no service udp-small" in global config on a cisco.  Go into 
inetd and shut off echo and chargen on un*x boxen; review what else you
have turned on while you're at it.  Keep using "no ip directed-broadcast"
(and relatives on non-cisco gear).  

Squirting packets at open UDP ports happens; it can only get amplified
in a "smurf-like" [smurfy?; eg, meaningfully damaging] fashion if you've
got interesting combinations of echo and chargen involved. 

joe, speaking for himself as usual.
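The inetd clean-up the post recommends, as an added example (not part of the original message or anything Joe posted): a small POSIX sh script that audits an inetd.conf for enabled UDP "small services" (echo, chargen, and also discard and daytime, the usual amplification targets) and writes a hardened copy with those lines commented out. The inetd.conf lines it uses are constructed for illustration; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: audit an inetd.conf for the
# UDP "small services" (echo, chargen, discard, daytime) that a fraggle-style
# flood bounces off, and write a hardened copy with those lines commented out.
# The inetd.conf contents below are constructed for illustration.

# awk predicate matching the service-name field of a small service.
SMALL='($1 == "echo" || $1 == "chargen" || $1 == "discard" || $1 == "daytime")'

# List enabled (uncommented) UDP small services in the inetd.conf given as $1,
# one service name per line.  inetd.conf field layout:
#   service  socket-type  proto  wait/nowait  user  server  [args]
# so $1 is the service and $3 the protocol ("udp", or "udp4"/"udp6" on BSDs).
udp_small_services() {
    awk '!/^[ \t]*#/ && $3 ~ /^udp/ && '"$SMALL"' { print $1 }' "$1"
}

# Copy $1 to $2, commenting out every enabled UDP small-service line and
# leaving everything else (TCP echo, ftp, comments) untouched.
disable_udp_small_services() {
    awk '!/^[ \t]*#/ && $3 ~ /^udp/ && '"$SMALL"' { print "#" $0; next } { print }' \
        "$1" > "$2"
}

# Write a constructed sample inetd.conf to $1 (illustration only).
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
echo     stream  tcp   nowait  root  internal
echo     dgram   udp   wait    root  internal
chargen  dgram   udp   wait    root  internal
#discard dgram   udp   wait    root  internal
daytime  dgram   udp   wait    root  internal
ftp      stream  tcp   nowait  root  /usr/sbin/ftpd  ftpd -l
EOF
}

SAMPLE=$(mktemp)
HARDENED=$(mktemp)
trap 'rm -f "$SAMPLE" "$HARDENED"' EXIT

write_sample_inetd_conf "$SAMPLE"
echo "enabled UDP small services before hardening:"
udp_small_services "$SAMPLE"
disable_udp_small_services "$SAMPLE" "$HARDENED"
echo "enabled UDP small services after hardening: $(udp_small_services "$HARDENED" | wc -l)"
```

After writing the hardened copy over the real /etc/inetd.conf, send inetd a HUP (or restart it) so the change takes effect, then confirm from another host that UDP/7 and UDP/19 no longer answer. On a Cisco the post's "no service udp-small" is the abbreviated form of the global command `no service udp-small-servers`, which removes the same four services from the router itself; it is separate from `no ip directed-broadcast`, which is applied per interface and stops the router from turning a broadcast-addressed packet into the amplified flood in the first place.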

