nanog mailing list archives

Re: smurf

From: Leigh Porter <leigh () wisper net>
Date: Mon, 08 Dec 1997 22:20:11 +0000

Mike Hedlund wrote:

[snip]

Well.. the main problem with smurf is that as far as i know, it uses the
reply from a broadcast. that will rule out tcp unless they send a direct
flow from the attackers box to the destination/victims box. For UDP,
you would have to send it to a broadcast, and also hope there is a udp
service listening (ie.. a test program i wrote sent 1 udp broadcast to
198.32.136.255:7 and received a whole bunch of replies.. turn off small
services on routers would be helpfull.. :)). You could also do that to
any network, the point being.. its easier to disable simple udp services
then to setup filters on border routers..

-mike


I guess that depends upon how many border routers you have :)

It would also help to filter outgoing traffic from your network to
ensure
you do not become the unwitting source of a smurf attack..

--
Leigh Porter

Current thread:

smurf Wayne Bouchard (Dec 08)
- Re: smurf Karl Denninger (Dec 08)
  - Re: smurf Dean Anderson (Dec 08)
- Re: smurf Adrian Chadd (Dec 08)
  - Re: smurf Craig A. Huegen (Dec 08)
  - Re: smurf Phil Howard (Dec 08)
    - Re: smurf Wayne Bouchard (Dec 08)
    - Re: smurf Alec H. Peterson (Dec 08)
  - Re: smurf Mike Hedlund (Dec 08)
    - Re: smurf Leigh Porter (Dec 08)
  - Re: smurf Henry Linneweh (Dec 08)
- <Possible follow-ups>
- Re: smurf Joe Provo - Network Architect (Dec 08)
  - Re: smurf Craig A. Huegen (Dec 08)
  - Message not available
    - Re: smurf Paul Ferguson (Dec 10)
- Re: smurf Joe Provo - Network Architect (Dec 09)