Re: SMURF amplifier block list

["Alex P. Rudnev" <alex () Relcom EU net>]

Why don't use the filter

 deny icmp any 0.0.0.255 255.255.255.0 echo-request

on the incoming lines? It just block 99.999% of this smurf amplifiers; 
and I hardly think someone eve sence this restriction for the real PING 
tests.

???



On Fri, 17 Apr 1998, Dean Anderson wrote:

> Date: Fri, 17 Apr 1998 18:09:08 -0400
> From: Dean Anderson <dean () av8 com>
> To: jlixfeld () idirect ca
> Cc: nanog () merit edu
> Subject: Re: SMURF amplifier block list
>
> > Does no ip directed broadcast really work?
>
> Yes. It works.
>
> And it works for whatever your particular netmask or broadcast address
> happens to be, which is what's important.
>
> The only time you shouldn't do it globally is when some other network
> really needs to see broadcasts.  For example, If we manage a client's
> network with HP OpenView over the internet, we need to be able to send them
> directed broadcasts, so that OpenView host discovery will work.  Patrol
> works the same way, as do other products.  In this case you can't use the
> "no ip directed broadcast" switch, but you can still set up access rules
> which do the same thing except for the permitted network.
>
> Bottom line is that you should protect your network from people who would
> either abuse it via smurfing, or simply have no business looking for hosts
> on your network. You have the tools to do it.
>
>               --Dean
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>            Plain Aviation, Inc                  dean () av8 com
>            LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
>            We Make IT Fly!                (617)242-3091 x246
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)