nanog mailing list archives
Re: smurf's attack...
From: Rick Summerhill <rrsum () cody flinthills com>
Date: Fri, 5 Sep 1997 16:23:45 -0500 (CDT)
On Fri, 5 Sep 1997, Jordyn A. Buchanan wrote:
> At 2:45 PM -0500 9/5/97, Jon Green wrote:
>> On Fri, 5 Sep 1997 15:24:58 -0400, jordyn () bestweb net writes:
>>> We're also using the following extended access list (along with
>>> anti-spoofing filters) to prevent smurf attacks from originating from
>>> our network:
>>>
>>> access-list XXX deny ip any 0.0.0.255 255.255.255.0
>>
>> Folks, this is a bad idea. There are lots of completely valid IP
>> addresses out there that end in .255. True, most of them that end in
>> .255 ARE broadcast addresses, but if people implement this kind of
>> filtering on a large scale, it really breaks classless IP.
>
> Eep, this is true. (Stupid me). Haven't had any complaints yet from
> users unable to access anything yet, but so much for making the 'Net
> slightly safer from this crap.

Well, I'm not so sure it is a bad idea in all cases. Like anything, you should apply this with a little forethought, however. If you know how your network is configured, if you know how people have carved up their class B's and such, you can eliminate a lot of the problems by doing this kind of thing, especially if your network is not too large. It won't stop a broadcast sent to a network like 129.129.4.0/22 (i.e. 129.129.7.255), and the same is true for smaller networks, but if you have a bunch of class B's and you have carved them up into /24's, then you can catch a lot of the problems by doing just that filter. As a general rule, for everyone, probably not!

--Rick

--
Rick Summerhill                Network administrator, KANREN
5008 Canyon Road               The University of Kansas
Manhattan, KS 66503            rrsum () kanren net
(785) 539-6796                 rrsum () cody flinthills com
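
An added example, not part of the original message: a Python check of what the quoted deny entry (`0.0.0.255` with wildcard `255.255.255.0`) matches, run over the 129.129.4.0/22 prefix from the message and two constructed documentation-range subnets. It reports usable host addresses the filter would drop and directed-broadcast addresses it would not match; the function names and the sample subnet list are assumptions.

```python
import ipaddress

# Destination part of the ACL entry quoted in the thread.
# In a Cisco wildcard mask a 1 bit means "ignore this bit", so with
# 255.255.255.0 only the last octet of the destination is compared.
ACL_ADDR = int(ipaddress.IPv4Address("0.0.0.255"))
ACL_WILDCARD = int(ipaddress.IPv4Address("255.255.255.0"))

# Constructed subnet plan: the /22 named in the message, plus a /24 and a
# /26 taken from the documentation ranges.
SAMPLE_PREFIXES = ["129.129.4.0/22", "192.0.2.0/24", "198.51.100.64/26"]


def acl_denies(dst):
    """Return True if dst matches the deny entry (wildcard-mask compare)."""
    care = ~ACL_WILDCARD & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(dst)) & care) == (ACL_ADDR & care)


def audit(prefixes):
    """Compare the ACL with the real broadcast address of each subnet.

    Returns (blocked_hosts, missed_broadcasts):
      blocked_hosts     - usable host addresses the ACL would drop
      missed_broadcasts - directed-broadcast addresses the ACL lets through
    """
    blocked_hosts, missed_broadcasts = [], []
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        if not acl_denies(net.broadcast_address):
            missed_broadcasts.append(str(net.broadcast_address))
        # hosts() excludes the network and broadcast addresses, so anything
        # matched here is an ordinary, assignable address.
        for host in net.hosts():
            if acl_denies(host):
                blocked_hosts.append(str(host))
    return blocked_hosts, missed_broadcasts


if __name__ == "__main__":
    blocked, missed = audit(SAMPLE_PREFIXES)
    print("usable hosts dropped by the ACL:", blocked)
    print("broadcast addresses not matched:", missed)
```

Running the same audit over a site's actual subnet list before deploying the entry shows whether the plan is the all-/24 case the reply describes or one where the filter drops assignable addresses.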