[16209] in North American Network Operators' Group


Re: SMURF amplifier block list

daemon@ATHENA.MIT.EDU (Mark Milhollan)
Wed Apr 15 00:16:24 1998

To: nanog@merit.edu
In-reply-to: Your message of Tue, 14 Apr 1998 16:37:20 -0500.
             <3533D710.D6F2872E@paranet.com> 
Date: Tue, 14 Apr 1998 21:00:31 -0700
From: Mark Milhollan <mlm@ftel.net>

Stephen Sprunk writes:
>If you have a suggestion for "removing the attack possibility in its
>entirety," please tell us.  So far, nobody's come up with one.

SMURF'ing depends on spoofed source addresses, so the appropriate
filter is customer (and if you can afford it peer) ingress, not
network egress.

Anyone willing to install a *.255 filter should instead eliminate
directed-broadcast response, and validate packets they will accept.
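
Added example, not part of the original message: a small Python model of the two checks the message names, customer ingress source validation and directed-broadcast detection by actual subnet, set beside the "*.255" match. All prefixes, customer names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the message).
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25")],
}
# Subnets directly attached to the router being protected.
LOCAL_SUBNETS = [
    ipaddress.ip_network("203.0.113.64/26"),  # broadcast is 203.0.113.127
    ipaddress.ip_network("10.1.0.0/23"),      # 10.1.0.255 is an ordinary host
]

def ingress_permits(customer, src):
    """Customer ingress filter: accept only sources assigned to that customer."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CUSTOMER_PREFIXES.get(customer, []))

def dot255_filter_drops(dst):
    """The '*.255' filter: drop any destination whose last octet is 255."""
    return ipaddress.ip_address(dst).packed[-1] == 255

def is_directed_broadcast(dst):
    """True when dst is the broadcast address of an attached subnet."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_SUBNETS)

def compare(dst):
    """Return (dropped by *.255 filter, really a directed broadcast)."""
    return dot255_filter_drops(dst), is_directed_broadcast(dst)

if __name__ == "__main__":
    # Source validation at the customer edge.
    for cust, src in [("cust-a", "192.0.2.10"),      # assigned: accepted
                      ("cust-a", "198.51.100.5"),    # not cust-a's: rejected
                      ("cust-b", "198.51.100.200")]: # outside the /25: rejected
        print(cust, src, "accept" if ingress_permits(cust, src) else "reject")
    # Where the last-octet match and the real subnet boundaries disagree.
    for dst in ["203.0.113.127", "10.1.0.255", "10.1.1.255"]:
        drops, bcast = compare(dst)
        print(f"{dst:15} *.255 drops={drops!s:5} directed broadcast={bcast}")
```

The /26 broadcast passes the last-octet match untouched, while a valid host in the /23 is dropped by it.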
