nanog mailing list archives

Re: smurf

From: Karl Denninger <karl () mcs net>
Date: Mon, 8 Dec 1997 10:48:47 -0600

On Fri, Dec 05, 1997 at 10:05:13PM -0700, Wayne Bouchard wrote:

Okay, so I'm now blocking 45 megs of icmp echo-reply packets at my
borders.. At one point, this was 80,000 packets/sec. (No, I'm
not exagerating.)


<SoapBox>

For anyone who has not, PLEASE DISABLE DIRECTED BROADCASTS!
Tell a friend.. If you sell routers to clients and/or you
configure them, include that in your default configuration.
Encourage people to filter inbound ICMP where possible..
Do whatever it takes to work with your customer/peers to
put a stop to this kind of abuse. Of all the attacks to date,
this (and the recent land.c which is a different issue together)
threaten the most disruption of internet services. With ISDN and
DSL, users have the bandwidth necessary to generate even more
dangerous levels of traffic. If you don't think this issue affects
you, it does. If you're not a target, your probably being used
as a source.

</SoapBox>

We thank you for your support..


----------------------------------------------------------------------
Wayne Bouchard                             GlobalCenter
web () primenet com                           
Primenet Network Operations                Internet Solutions for
(602) 416-6422   800-373-2499 x6422        Growing Businesses
FAX: (602) 416-9422
http://www.primenet.com                    http://www.globalcenter.net
----------------------------------------------------------------------


I suggest finding the source networks (MCI has published such a tool) and 
dropping their BGP sessions until they deal with the problem.

There is one national network in particular that IMHO doesn't give a damn
about this, and has turned their head the other way MULTIPLE times when we
have attempted to track this down.

--
-- 
Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly to FULL DS-3 Service
                             | NEW! K56Flex support on ALL modems
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost

Current thread:

smurf Wayne Bouchard (Dec 08)
- Re: smurf Karl Denninger (Dec 08)
  - Re: smurf Dean Anderson (Dec 08)
- Re: smurf Adrian Chadd (Dec 08)
  - Re: smurf Craig A. Huegen (Dec 08)
  - Re: smurf Phil Howard (Dec 08)
    - Re: smurf Wayne Bouchard (Dec 08)
    - Re: smurf Alec H. Peterson (Dec 08)
  - Re: smurf Mike Hedlund (Dec 08)
    - Re: smurf Leigh Porter (Dec 08)
  - Re: smurf Henry Linneweh (Dec 08)
- <Possible follow-ups>
- Re: smurf Joe Provo - Network Architect (Dec 08)

(Thread continues...)