nanog mailing list archives
Re: SMURF amplifier block list
From: jlixfeld () idirect ca
Date: Sun, 19 Apr 1998 18:46:13 -0400 (EDT)
Uhmm, would the 255.255.255.255 wildcard not be 255.255.255.0?

On Sat, 18 Apr 1998, Dean Anderson wrote:

:Umm, I think this has already been hashed out. This is not the only netmask
:on the planet, and you don't know what other networks' netmasks are under
:CIDR. Trying to guess the netmask just leads to breakage.
:
:All you want to do is stop packets coming in to your broadcast address.
:For example, for your network x.y.z/n (n=24) with your broadcast address
:of x.y.z.255: (I presume everyone can translate between CIDR notation and
:dotted decimal ;-)
:
:deny ip any x.y.z.255 255.255.255.255
:
:no ip directed broadcast basically puts in the same rule, but it does it
:automatically by looking at the netmasks on the interfaces.
:
: --Dean
:
:>Why not use the filter
:>
:> deny icmp any 0.0.0.255 255.255.255.0 echo-request
:>
:>on the incoming lines? It just blocks 99.999% of these smurf amplifiers;
:>and I hardly think someone ever senses this restriction for the real PING
:>tests.
:>
:>???
:>
:>On Fri, 17 Apr 1998, Dean Anderson wrote:
:>
:>> Date: Fri, 17 Apr 1998 18:09:08 -0400
:>> From: Dean Anderson <dean () av8 com>
:>> To: jlixfeld () idirect ca
:>> Cc: nanog () merit edu
:>> Subject: Re: SMURF amplifier block list
:>>
:>> > Does no ip directed broadcast really work?
:>>
:>> Yes. It works.
:>>
:>> And it works for whatever your particular netmask or broadcast address
:>> happens to be, which is what's important.
:>>
:>> The only time you shouldn't do it globally is when some other network
:>> really needs to see broadcasts. For example, if we manage a client's
:>> network with HP OpenView over the internet, we need to be able to send them
:>> directed broadcasts, so that OpenView host discovery will work. Patrol
:>> works the same way, as do other products. In this case you can't use the
:>> "no ip directed broadcast" switch, but you can still set up access rules
:>> which do the same thing except for the permitted network.
:>>
:>> Bottom line is that you should protect your network from people who would
:>> either abuse it via smurfing, or simply have no business looking for hosts
:>> on your network. You have the tools to do it.
:>>
:>> --Dean
:>>
:>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
:>> Plain Aviation, Inc                 dean () av8 com
:>> LAN/WAN/UNIX/NT/TCPIP/DCE           http://www.av8.com
:>> We Make IT Fly!                     (617)242-3091 x246
:>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
:>
:>Aleksei Roudnev, Network Operations Center, Relcom, Moscow
:>(+7 095) 194-19-95 (Network Operations Center Hot Line), (+7 095) 239-10-10, N 13729 (pager)
:>(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
:
:++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
: Plain Aviation, Inc                 dean () av8 com
: LAN/WAN/UNIX/NT/TCPIP/DCE           http://www.av8.com
: We Make IT Fly!                     (617)242-3091 x246
:++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

--
Regards,
Jason A. Lixfeld                    jlixfeld () idirect ca
iDirect Network Operations          jlixfeld () torontointernetxchange net
---------------------------------------------------------------------
TUCOWS Interactive Ltd. o/a         | "A Different Kind of Internet Company"
Internet Direct Canada Inc.         | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West             | http://www.torontointernetxchange.net
Suite 301, Toronto Ontario          | (416) 236-5806 (T)
M9B-1B5 CANADA                      | (416) 236-5804 (F)
---------------------------------------------------------------------
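The masks argued over in this thread, worked through as an added example; this is editor-written code, not anything the posters sent. It models Cisco IOS wildcard-mask matching (a 1 bit in the wildcard means "don't care", so 0.0.0.0 is one host and 255.255.255.255 is everything) and derives each prefix's directed-broadcast address the way "no ip directed-broadcast" does from the interface netmask, then runs the thread's "last octet is 255" filter over a handful of prefixes to show which broadcast addresses it misses. The prefixes are constructed from the RFC 5737 documentation ranges, the ACL tuple layout is my own simplification, and the ICMP type (echo-request) is not modelled.

```python
import ipaddress


def wildcard_match(addr: str, pattern: str, wildcard: str) -> bool:
    """Evaluate one IOS-style (address, wildcard) pair against an IPv4 address.

    IOS wildcard masks are the inverse of netmasks: a 1 bit means "don't care",
    a 0 bit means "must equal the pattern bit". 0.0.0.0 is therefore a single
    host and 255.255.255.255 matches every address.
    """
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    w = int(ipaddress.IPv4Address(wildcard))
    # Bits that differ between addr and pattern must all fall under "don't care".
    return ((a ^ p) & ~w & 0xFFFFFFFF) == 0


def directed_broadcast(prefix: str) -> str:
    """Broadcast address of a CIDR prefix, as a router derives it from the
    interface netmask. strict=False tolerates host bits in the input."""
    return str(ipaddress.IPv4Network(prefix, strict=False).broadcast_address)


def acl_action(entries, proto: str, src: str, dst: str) -> str:
    """First-match evaluation of a tiny ACL (my own tuple layout, not IOS syntax).

    Each entry is (action, proto, src_pattern, src_wc, dst_pattern, dst_wc);
    proto "ip" matches any protocol. The trailing implicit deny mirrors IOS.
    """
    for action, eproto, sp, sw, dp, dw in entries:
        if eproto not in ("ip", proto):
            continue
        if wildcard_match(src, sp, sw) and wildcard_match(dst, dp, dw):
            return action
    return "deny"


# The "deny icmp any 0.0.0.255 255.255.255.0" rule from the thread, then permit any.
OCTET_FILTER = [
    ("deny", "icmp", "0.0.0.0", "255.255.255.255", "0.0.0.255", "255.255.255.0"),
    ("permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

# Constructed sample prefixes (RFC 5737 documentation space), mixed CIDR lengths.
SAMPLE_PREFIXES = ["192.0.2.0/24", "192.0.2.0/25", "192.0.2.128/26", "203.0.112.0/22"]

# Arbitrary constructed source for the evaluations below.
SAMPLE_SRC = "198.51.100.9"


def missed_by_octet_filter(prefixes):
    """Directed-broadcast addresses (one per prefix) that OCTET_FILTER still
    permits as ICMP destinations, i.e. the amplifiers it does not close."""
    return [b for b in map(directed_broadcast, prefixes)
            if acl_action(OCTET_FILTER, "icmp", SAMPLE_SRC, b) == "permit"]


def exact_broadcast_filter(prefixes):
    """Per-interface host entries (wildcard 0.0.0.0 = exactly this address),
    the rule set that matches what the router builds from its own netmasks."""
    return [("deny", "ip", "0.0.0.0", "255.255.255.255", directed_broadcast(p), "0.0.0.0")
            for p in prefixes] + [OCTET_FILTER[-1]]


if __name__ == "__main__":
    for p in SAMPLE_PREFIXES:
        b = directed_broadcast(p)
        print(f"{p:16} broadcast {b:16} octet-filter: "
              f"{acl_action(OCTET_FILTER, 'icmp', SAMPLE_SRC, b)}")
    print("missed:", missed_by_octet_filter(SAMPLE_PREFIXES))
```

Running it shows the /24 and /22 broadcasts (both end in .255) are caught, while 192.0.2.127 and 192.0.2.191 sail through the octet filter; the per-prefix host entries deny all four and still permit ordinary hosts such as 192.0.2.126.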