[16294] in North American Network Operators' Group
Re: SMURF amplifier block list
daemon@ATHENA.MIT.EDU (Dean Anderson)
Sat Apr 18 15:46:11 1998
In-Reply-To:
<Pine.SUN.3.91.980418231946.14113M-100000@virgin.relcom.eu.net>
Date: Sat, 18 Apr 1998 15:31:48 -0400
To: "Alex P. Rudnev" <alex@Relcom.EU.net>
From: Dean Anderson <dean@av8.com>
Cc: nanog@merit.edu
At 3:21 PM -0400 4/18/98, Alex P. Rudnev wrote:
>> During an in progress attack, you probably have to take extreme measures,
>Do you remember - it's not attack against you or attack by some of your
>customer's networks used as amplifier, but the attack initiated from your
>own network. You never note such thing withouth some permanent
>measurement.
>
>It's why we saw this 100% helpless against the SMURF's.
But to protect your own network, all you need is the access rule I gave.
You know your own broadcast address and netmask, and can put in a rule to
block.
You just can't block the presumed broadcast address used by other peoples
networks.
Logging attempted attacks which are blocked can't really be done with a
cisco. You need something to monitor the line coming in.
--Dean
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc dean@av8.com
LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com
We Make IT Fly! (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
