nanog mailing list archives
Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)
From: Phil Howard <phil () charon milepost com>
Date: Sun, 28 Dec 1997 00:58:01 -0600 (CST)
Karl Denninger writes...
Then you damn well better not be permitting any of the following: 1) Forged source addresses (this CAN be stopped with specific filters on your interfaces, although some will bitch about the performance impact - depending on their specific choices)
Yet another case for pressing (now) ARIN (and others who allocate address space) to do address allocation in reasonable chunk sizes instead of forcing providers to accept little bits of address space a piece at a time. Prefix volume on BGP would be helped, too, by having fewer little pieces scattered all around. And with address space now on a paid basis, in theory people will generally ask for what they expect to need (there will be exceptions but they should be easy to spot), so there is more reason to actually give out requested allocations that are not obviously inflated.
2) Directed broadcasts (which are used to "create" these DOS attacks by bouncing the attack off a particularly-well-connected location, USUALLY a provider's internal infrastructure). Block both of those and Smurfs would disappear. If you can trace the TRUE source of such an attack quickly, people will go to jail for this. The only reason they are popular is because the source addresses CAN be forged.
Specific information is always helpful. Unfortunately, if it has been given on NANOG, it can be missed due to the high noise level (yet another issue we need to work on). Would config examples in IOS and gated be too much to ask for (if someone only knows one, someone who knows the other should follow up).
THIS CAN BE PREVENTED.
Agreed. Let's make it easy. -- Phil Howard | die3spam () spammer3 org eat4this () dumb3ads edu no1way94 () dumbads5 org phil | no0way53 () no9where edu end9ads2 () noplace0 org stop9361 () dumb4ads org at | no7spam1 () spammer8 org die2spam () no5place edu blow2me0 () no39ads6 edu milepost | stop3it3 () lame2ads com w2x4y9z8 () lame1ads edu eat2this () noplace1 net dot | no14ads6 () nowhere0 org no6spam1 () spam8mer com no5way06 () nowhere3 net com | die6spam () no66ads9 com stop5758 () no39ads5 org eat1this () anywhere org
Current thread:
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED, (continued)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Karl Denninger (Dec 27)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Darin Wayrynen (Dec 27)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Karl Denninger (Dec 27)
- smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Network Operations Center (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Phil Howard (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Darin Wayrynen (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Pete Ashdown (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Darin Wayrynen (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Dorian R. Kim (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Karl Denninger (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Phil Howard (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Karl Denninger (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Ken Leland (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Adrian Chadd (Dec 27)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Ken Leland (Dec 27)
- Re: smurf, the MCI-developed tracing tools Dax Kelson (Dec 28)
- Re: smurf, the MCI-developed tracing tools Karl Denninger (Dec 29)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Karl Denninger (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Adrian Chadd (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Bradley Reynolds (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Adrian Chadd (Dec 28)