[22601] in North American Network Operators' Group
Re: source filtering
daemon@ATHENA.MIT.EDU (Dalvenjah FoxFire)
Tue Jan 12 16:25:51 1999
Date: Tue, 12 Jan 1999 11:07:03 -0800
From: Dalvenjah FoxFire <dalvenjah@DAL.NET>
To: nanog@merit.edu
In-Reply-To: <199901121825.SAA18719@diamond.xara.net>; from Alex Bligh on Tue, Jan 12, 1999 at 06:25:47PM +0000
On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox:
>
> Is UDP smurf much in evidence? (send a UDP packet to the broadcast address
> on the echo server port and you'll either get ICMP port unreachables
> back or UDP echos). The reason I ask is that edge ICMP rate
> limiting won't help UDP.
Supposedly UDP smurf (fraggle) is becoming more popular. I haven't
seen it myself.
The only type of UDP attack I've seen has been where a user breaks
into machine on high bandwidth, fails to get root, and runs a program
that sends large amounts of huge UDP packets to a destination host.
This makes tracing the problem loads easier, and your upstream can
block out the single host.
-dalvenjah
--
Dalvenjah FoxFire (aka Sven Nielsen) The name's Bean....Mr. Bean.
Founder, the DALnet IRC Network
e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/
whois: SN90 Try DALnet! http://www.dal.net/
