[16152] in North American Network Operators' Group
Re: SMURF amplifier block list
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Apr 13 21:10:38 1998
Date: Mon, 13 Apr 98 18:00 PDT
From: Randy Bush <randy@psg.com>
To: Vadim Antonov <avg@pluris.com>
Cc: nanog@merit.edu
i suspect that they're discussing blocking inbound packets from faked
sources of smurf attacks. in this case, protection from outbound routing
info is too late. once the smurf packets gets in your local net, you've
been smurfed.
of course, the idea of blocking smurf spoof sites is pretty specious. how
many folk will go through the effort and burden on the routers to put an
access list in the packet path and yet not be clueful enough to just say
'no ip directed-broadcast' on the same damn edge router insead?
wait a sec. on second thought, don't answer that question.
randy
