nanog mailing list archives
Re: SMURF amplifier block list
From: Dean Anderson <dean () av8 com>
Date: Tue, 14 Apr 1998 01:15:51 -0400
You right that all BGP would do is block traffic to that network. But it does block *all* traffic to that network. Once the attack is started, it must either be stopped at the source, or by inbound packet filters. Not that I'm defending it as completely effective method, but presumably some of the customers of the smurfable network have the off-hours access numbers to the noc of the smurfing network, once they notice their connectivity to elsewhere is lost. Adding a route to a route filter at a high enough level ought to get some quick attention from the smurfing network operator. Especially if its their upstream that blocked them. Things actually break for them, as opposed to just higher network load. It also prevents your own disgruntled users from launching a smurf attack against other users on your net, since they won't be able to reach those networks. At least, not from your machines. Also, it will prevent a person from launching an attack if someone is filtering between them and the network. And it has the advantage of being automatically updated, once a change is made to the master list. And I think a route blackhole is probably faster than a permission list. Not positive, though. Anyway, I'll offer a site to host the list, and redistribute the list in hopefully convenient forms. Several people have already volunteered to help, so its up to you folks to ask for and/or implement convenient forms of distribution. Whether you want to block all ingress by hand, or just general connectivity by BGP or some other method is up to you. It is possible to do both, or neither. The important thing is to get a list and maintain it. I think we can dump the list into several different forms for distribution. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean () av8 com LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Current thread:
- Re: SMURF amplifier block list, (continued)
- Re: SMURF amplifier block list Karl Denninger (Apr 11)
- Re: SMURF amplifier block list dirk (Apr 12)
- Message not available
- Re: SMURF amplifier block list Jay R. Ashworth (Apr 13)
- Re: SMURF amplifier block list Dean Anderson (Apr 13)
- Re: SMURF amplifier block list Karl Denninger (Apr 13)
- Re: SMURF amplifier block list Dean Anderson (Apr 13)
- Re: SMURF amplifier block list Vadim Antonov (Apr 13)
- Re: SMURF amplifier block list Karl Denninger (Apr 13)
- Re: SMURF amplifier block list Randy Bush (Apr 13)
- Re: SMURF amplifier block list Jason L. Weisberger (Apr 13)
- Re: SMURF amplifier block list Dean Anderson (Apr 13)
- Re: SMURF amplifier block list Forrest W. Christian (Apr 13)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 14)
- Re: SMURF amplifier block list Forrest W. Christian (Apr 14)
- Re: SMURF amplifier block list Michael Shields (Apr 14)
- Re: SMURF amplifier block list Brett Frankenberger (Apr 14)
- Re: SMURF amplifier block list Stephen Sprunk (Apr 13)
- Re: SMURF amplifier block list Aaron Beck (Apr 14)
- Re: SMURF amplifier block list Karl Denninger (Apr 14)
- Re: SMURF amplifier block list Charley Kline (Apr 14)
- Re: SMURF amplifier block list Stephen Sprunk (Apr 14)