[16164] in North American Network Operators' Group
Re: SMURF amplifier block list
daemon@ATHENA.MIT.EDU (Alex P. Rudnev)
Tue Apr 14 06:03:45 1998
Date: Tue, 14 Apr 1998 13:27:34 +0400 (MSD)
From: "Alex P. Rudnev" <alex@Relcom.EU.net>
To: "Forrest W. Christian" <forrestc@iMach.com>
cc: Vadim Antonov <avg@pluris.com>, Karl Denninger <karl@mcs.net>,
Dean Anderson <dean@av8.com>,
"Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>, nanog@merit.edu
In-Reply-To: <Pine.BSF.3.96.980413193532.2891A-100000@workhorse.iMach.com>
The whole idea was to block attempts to make SMURF atatck originated from
your network, and this case the black list of addresses to be blocked
(it's the list of broadcast addresses used to amplify ICMP) joined with
the logging such attempts is quite usefull.
> Date: Mon, 13 Apr 1998 19:46:29 -0600 (MDT)
> From: Forrest W. Christian <forrestc@iMach.com>
> To: Vadim Antonov <avg@pluris.com>
> Cc: Karl Denninger <karl@mcs.net>, Dean Anderson <dean@av8.com>,
> "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>, nanog@merit.edu
> Subject: Re: SMURF amplifier block list
>
> On Mon, 13 Apr 1998, Vadim Antonov wrote:
>
> > Uh. Just modify BGP routes from that feed to have a next hop pointing
> > to a black hole. route-maps are sometimes useful.
>
> Could someone PLEASE explain to me how this is accomplished?
....