Re[2]: Smurfs and fraggles

[dcostello () cmol com]

If I understand this correctly would a simple solution be to filter all
incomming broadcasts?  Would it just be a matter of setting up a filter on the
router to drop all incomming packets with a destination address of
xxx.xxx.xxx.255 where xxx.xxx.xxx is my network address?  Is there a reason I
wouldn't want to do this?  

____________________Reply Separator____________________
Subject:    Re: Smurfs and fraggles 
Author: Joe Kelly <jkelly () eagle1 osaccess net> 
Date:       2/9/99 3:06 PM

Dave,

What kind of routers are you running?  If you have ciscos, you can use a
function called CAR to rate limit inbound ICMP.  Fraggle attacks are a bit
trickier as they tend to be aimed at random UDP ports, and don't usually
consume as much bandwidth.  With fraggles, it's the packets per second
that kill you.  Back in my IDT days, I had to fend off many of these
attacks.  Check out the Nanog archives http://www.nanog.org.  Also check
out http://www.merit.edu/ipma/docs/isp.html#abuse.  This is off nanog's
page, and provides many useful links.  Probably one of the easiest ways to
prevent these attacks is to outsource your IRC server.  Good luck!  Let me
know if you have any other questions.

Joe Kelly
Ex-network Engineer IDT Corp.
Speaking for myself

On Mon, 8 Feb 1999 dcostello () cmol com wrote:

> Does anyone have information on this DOS attack and how to guard against it?