[16210] in North American Network Operators' Group
Re: SMURF amplifier block list - READ THIS
daemon@ATHENA.MIT.EDU (Mark Milhollan)
Wed Apr 15 00:25:26 1998
To: nanog@merit.edu
In-reply-to: Your message of Tue, 14 Apr 1998 17:22:42 -0500.
<19980414172242.43601@mcs.net>
Date: Tue, 14 Apr 1998 21:16:57 -0700
From: Mark Milhollan <mlm@ftel.net>
Karl Denninger writes:
>A T1 connected person launching a smurf can burn down an OC-12 if they
>can find amplifiers with enough outbound capacity.
Which is to say a dozen well connected DS-3 networks -- not that hard
to find at all. Thankfully that number seems to be dwindling rapidly.
This will eventually degenerate to attackers searching for many dozens
of DS-1 networks that are open, so small providers/customers should be
educated as well.
>The *ONLY* long-term fix for smurfing is to prohibit directed broadcasts,
I believe it has to include ingress source address validation.
The overall problem remains, getting others to deny spoofing and
directed broadcast responses can only be done though communication --
and sometimes excommunication is all that can be heard.
