nanog mailing list archives
Re: SMURF amplifier block list
From: jlixfeld () idirect ca
Date: Sun, 19 Apr 1998 18:44:42 -0400 (EDT)
If you do it on your cores as opposed to your border routers, it should
know. Your core routers probably created the aggregated B that the border
routers get from the cores and in turn advertise out. If you want to
filter at the borders (which would stop traffic from hitting your core in
the first place) that is probably the way to do it, but if you are in a
situation where you didn't subnet at the 8bit boundary, or something else,
then you may need to run with it, let the traffic hit your core, and
filter it from there.

On Sat, 18 Apr 1998, Dan Boehlke wrote:

:What about people who didn't subnet their class B on the eight bit
:boundary, but made larger subnets instead? What about the class B that
:doesn't appear to be subnetted at all? What about supernetted class C
:networks? A trailing .255 can be a valid host.
:
:On Sat, 18 Apr 1998, Alex P. Rudnev wrote:
:
:> Why don't use the filter
:>
:> deny icmp any 0.0.0.255 255.255.255.0 echo-request
:>
:> on the incoming lines? It just blocks 99.999% of this smurf amplifiers;
:> and I hardly think someone ever sense this restriction for the real PING
:> tests.
:>
:> ???
:>
:>
:>
:> On Fri, 17 Apr 1998, Dean Anderson wrote:
:>
:> > Date: Fri, 17 Apr 1998 18:09:08 -0400
:> > From: Dean Anderson <dean () av8 com>
:> > To: jlixfeld () idirect ca
:> > Cc: nanog () merit edu
:> > Subject: Re: SMURF amplifier block list
:> >
:> > > Does no ip directed broadcast really work?
:> >
:> > Yes. It works.
:> >
:> > And it works for whatever your particular netmask or broadcast address
:> > happens to be, which is what's important.
:> >
:> > The only time you shouldn't do it globally is when some other network
:> > really needs to see broadcasts. For example, if we manage a client's
:> > network with HP OpenView over the internet, we need to be able to send them
:> > directed broadcasts, so that OpenView host discovery will work. Patrol
:> > works the same way, as do other products. In this case you can't use the
:> > "no ip directed broadcast" switch, but you can still set up access rules
:> > which do the same thing except for the permitted network.
:> >
:> > Bottom line is that you should protect your network from people who would
:> > either abuse it via smurfing, or simply have no business looking for hosts
:> > on your network. You have the tools to do it.
:> >
:> > --Dean
:> >
:> >
:> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
:> > Plain Aviation, Inc                  dean () av8 com
:> > LAN/WAN/UNIX/NT/TCPIP/DCE            http://www.av8.com
:> > We Make IT Fly!                      (617)242-3091 x246
:> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
:> >
:> >
:> >
:>
:> Aleksei Roudnev, Network Operations Center, Relcom, Moscow
:> (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
:> (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
:>
:
:--
:Dan Boehlke, Senior Network Engineer       M R N e t
:Internet: dboehlke () mr net               A MEANS Telcom Company
:Phone: 612-362-5814                        2829 SE University Ave. Suite 200
:WWW: http://www.mr.net/~dboehlke/          Minneapolis, MN 55414
:

--
Regards,

Jason A. Lixfeld                           jlixfeld () idirect ca
iDirect Network Operations                 jlixfeld () torontointernetxchange net
---------------------------------------------------------------------
TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West      | http://www.torontointernetxchange.net
Suite 301, Toronto Ontario   | (416) 236-5806 (T)
M9B-1B5 CANADA               | (416) 236-5804 (F)
---------------------------------------------------------------------
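Added example (not part of the original message or thread): a short Python audit of the quoted ".255" filter against subnets of different sizes, showing which real directed-broadcast addresses it covers and which valid hosts it would also block. It reads the ACL as "match any destination whose last octet is 255"; the sample subnets are constructed, and the /26 case goes beyond the subnet sizes named in the thread.

```python
import ipaddress

def dot255_filter_matches(addr):
    """Model of 'deny icmp any 0.0.0.255 255.255.255.0 echo-request'.

    The wildcard mask 255.255.255.0 ignores the first three octets, so the
    rule matches any destination address whose last octet is 255.
    """
    return int(addr) & 0xFF == 0xFF

def audit_subnet(cidr):
    """Compare a subnet's real directed-broadcast address with the filter."""
    net = ipaddress.ip_network(cidr)
    bcast = net.broadcast_address
    # Usable host addresses (network and broadcast excluded) that the
    # filter would also drop echo-requests to: false positives.
    hosts_blocked = [str(h) for h in net.hosts() if dot255_filter_matches(h)]
    return {
        "broadcast": str(bcast),
        "broadcast_blocked": dot255_filter_matches(bcast),
        "valid_hosts_blocked": hosts_blocked,
    }

# Constructed sample subnets (private / documentation address space).
SAMPLE_SUBNETS = [
    "192.168.10.0/24",  # subnetted on the eight bit boundary
    "172.16.4.0/22",    # class B with larger subnets
    "172.16.0.0/16",    # class B not subnetted at all
    "192.168.0.0/23",   # supernetted class C networks
    "192.0.2.64/26",    # smaller than /24: broadcast is not .255
]

def main():
    for cidr in SAMPLE_SUBNETS:
        r = audit_subnet(cidr)
        print(f"{cidr:18} broadcast={r['broadcast']:16} "
              f"filtered={r['broadcast_blocked']!s:5} "
              f"valid .255 hosts blocked={len(r['valid_hosts_blocked'])}")

if __name__ == "__main__":
    main()
```

Disabling directed broadcast on the interface, as Dean Anderson describes, needs no such per-subnet audit because the router already knows each connected subnet's mask.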