nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SMURF amplifier block list

From: Dean Anderson <dean () av8 com>
Date: Sat, 18 Apr 1998 15:48:57 -0400
During an in progress attack, you probably have to take extreme measures,

Do you remember - it's not attack against you or attack by some of your
customer's networks used as amplifier, but the attack initiated from your
own network. You never note such thing withouth some permanent
measurement.


Oops. I misunderstood this first time round.  I don't think you can easily
detect smurf initiations, because you have to guess at the broadcast
address.

I think it is much easier to detect and block forged source addresses,
which are also necessary for the hacker who is operating out of your
network.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
           We Make IT Fly!                (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Previous By Date Next
Previous By Thread Next

Current thread: