[22557] in North American Network Operators' Group
Re: Solution: Re: Huge smurf attack
daemon@ATHENA.MIT.EDU (Phil Howard)
Mon Jan 11 21:38:04 1999
From: Phil Howard <phil@whistler.intur.net>
To: jlewis@inorganic5.fdt.net (Jon Lewis)
Date: Mon, 11 Jan 1999 19:54:04 -0600 (CST)
Cc: goemon@sasami.anime.net, nanog@merit.edu
In-Reply-To: <Pine.LNX.3.95.990111145820.3186T-100000@tarkin.fdt.net> from "Jon Lewis" at Jan 11, 99 03:04:39 pm

Jon Lewis wrote:
> This might not be allowed under existing service contracts. Most
> providers probably have provisions to disconnect for network abuse...but
> not for cluelessness.

Then we need to re-classify having an open broadcast amplifier as an
abuse. If we can get upstreams and backbones to give a formal 30 day
notice, then start cutting lines ...

OTOH, what about just declaring that X.X.X.{0,255} is off limits
regardless of the network size? It would take just 2 access list
entries to make those addresses in networks larger than /24
mostly useless. There aren't that many LANs out there that would
have real non-broadcast use on these addresses, anyway. I block
these coming in to my network as destinations, and I'm tempted to
block them as sources, as well. Once these addresses are indeed
off limits, then the next step is to get backbones to put in the
access lists.

--
-- *-----------------------------* Phil Howard KA9WGN * --
-- | Inturnet, Inc. | Director of Internet Services | --
-- | Business Internet Solutions | eng at intur.net | --
-- *-----------------------------* philh at intur.net * --
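
The two access list entries proposed in the message above, worked through as an added example that is not part of the original post. It assumes the entries are written as Cisco-style address/wildcard pairs (the message gives no syntax), uses constructed 10.20.x.x addresses and hypothetical function names, and goes one step beyond the message by also checking a subnet smaller than /24, whose broadcast address the two entries do not cover.

```python
import ipaddress

# Assumed form of the two entries: Cisco-style (address, wildcard) pairs where
# a 1 bit in the wildcard means "ignore this bit". The post gives no syntax.
ENTRIES = [
    ("0.0.0.0", "255.255.255.0"),    # destination X.X.X.0
    ("0.0.0.255", "255.255.255.0"),  # destination X.X.X.255
]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard does not ignore."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def denied(addr):
    """True if either entry would drop a packet sent to addr."""
    return any(wildcard_match(addr, b, w) for b, w in ENTRIES)

def classify(addr, network):
    """Compare the filter's verdict with what addr really is inside network."""
    net = ipaddress.ip_network(network)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        raise ValueError(f"{addr} is not in {network}")
    # All-zeros (network) and all-ones (directed broadcast) host parts.
    is_bcast = ip in (net.network_address, net.broadcast_address)
    if denied(addr):
        return "broadcast blocked" if is_bcast else "host address lost"
    return "broadcast missed" if is_bcast else "host passed"

def lost_hosts(network):
    """Usable host addresses in network that the filter makes unreachable."""
    return [str(h) for h in ipaddress.ip_network(network).hosts() if denied(str(h))]

# Constructed sample addresses (RFC 1918 space), not taken from the post.
SAMPLES = [
    ("10.20.9.255", "10.20.9.0/24"),
    ("10.20.3.255", "10.20.0.0/22"),
    ("10.20.1.0", "10.20.0.0/22"),
    ("10.20.1.17", "10.20.0.0/22"),
    ("10.20.8.127", "10.20.8.0/25"),
]

if __name__ == "__main__":
    for addr, net in SAMPLES:
        print(f"{addr:<13} in {net:<15} -> {classify(addr, net)}")
    print("lost in 10.20.0.0/22:", lost_hosts("10.20.0.0/22"))
```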