[22640] in North American Network Operators' Group
Re: Solution: Re: Huge smurf attack
daemon@ATHENA.MIT.EDU (Brett Frankenberger)
Wed Jan 13 19:58:34 1999
From: Brett Frankenberger <brettf@netcom.com>
To: bross@mindspring.net (Brandon Ross), nanog@merit.edu
Date: Wed, 13 Jan 1999 17:56:13 -0600 (CST)
In-Reply-To: <Pine.LNX.3.96.990113022737.30920G-100000@xymox.netops.mindspring.net> from "Brandon Ross" at Jan 13, 99 02:29:41 am
:: Brandon Ross writes ::
>
> Doing something like this, similar to the several suggestions to
> filter all .0 and .255 addresses, is an attempt to fix the symptom
> instead of the real problem.
So is forcing vendors to make the equivalent of "no ip
directed-broadcast" the default. The problem is that dolts configure
routers. The symptom is "ip directed-broadcast" is configured (or not
unconfigured) where it shouldn't be.
(For the record, I agree with you on blocking ICMPs and blocking
.0/.255 ... both are bad ideas. But so is forcing vendors to violate
the router requirements RFC. If we (the internet community) want
directed broadcasts to be dropped by default, we should get off our
collective duffs and change the RFC.)
- Brett (brettf@netcom.com)
------------------------------------------------------------------------------
... Coming soon to a | Brett Frankenberger
.sig near you ... a Humorous Quote ... | brettf@netcom.com