[5389] in bugtraq
Re: `smurf' multi-broadcast icmp attack
daemon@ATHENA.MIT.EDU (Craig A. Huegen)
Mon Oct 13 15:22:13 1997
Date: Mon, 13 Oct 1997 10:36:42 -0700
Reply-To: "Craig A. Huegen" <chuegen@QUADRUNNER.COM>
From: "Craig A. Huegen" <chuegen@QUADRUNNER.COM>
X-To: "T. Freak" <tf@TAP.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.91.971012142256.3522B-100000@tap.net>
On Sun, 12 Oct 1997, T. Freak wrote:
See http://www.quadrunner.com/~chuegen/smurf.txt for the information on
how to protect your network, as well as how to prevent _helping_ those who
are launching the attacks. This is a paper I have written to assist the
networking community on suppressing the attacks; I will be presenting the
content in an Interprovider Operations BOF at the NANOG meeting on October
27.
==>I believe MCI is currently working on a patch or dectector of some kind
==>for it, which is available at
==> http://www.internetnews.com/isp-news/1997/10/0901-mci.html
See http://www.security.mci.net/dostracker/ for more details. It's a perl
script which will log into a series of Cisco routers and track an attack
interface-by-interface to the edge of the network.
/cah
----
Craig A. Huegen, consultant <chuegen@quadrunner.com>
Cisco Certified Internetwork Expert, #2100
Quadrunner Communications - Network and Systems Consulting
