nanog mailing list archives
Re: SMURF amplifier block list
From: Jason Lixfeld <jlixfeld () idirect ca>
Date: Thu, 23 Apr 1998 22:45:41 -0400 (EDT)
What's the difference? If you do echo-reply, whoever initiated the ping will never see a response because it is filtered by the echo-reply in the first place. Or am I missing something with the echo-reply?! (it's late, forgive my ignorance) =) On Mon, 20 Apr 1998, Pete Ashdown wrote: :jlixfeld () idirect ca said once upon a time: :> :>You could always "deny icmp any aaa.bbb.ccc.ddd www.ccc.nnn.mmm log" on :>your cores. Deny ICMP from critical portions of your network. Create a :>little script which tail -fs the log, parses it, sorts it and counts it. :>If the script counts more then xxx hits on a certain IP or a certain :>number of IPs on your network from the same source or a multiple sources :>on the same network, you have your upstream. Once you have them, you can :>call them and ask them to do the same until you find the real source. : :You might want to stick in an "echo-reply" before the log. This will :specifically block the smurf, but won't affect any of the other ICMP which :does have a useful purpose. This of course will stop any of the blocked :addresses from doing outside pings or traceroutes as well. : -- Regards, Jason A. Lixfeld jlixfeld () idirect ca iDirect Network Operations jlixfeld () torontointernetxchange net --------------------------------------------------------------------- TUCOWS Interactive Ltd. o/a | "A Different Kind of Internet Company" Internet Direct Canada Inc. | "FREE BANDWIDTH for Toronto Area IAPs" 5415 Dundas Street West | http://www.torontointernetxchange.net Suite 301, Toronto Ontario | (416) 236-5806 (T) M9B-1B5 CANADA | (416) 236-5804 (F) ---------------------------------------------------------------------
Current thread:
- Spoofed Packet Tracker (Was Re: SMURF amplifier block list), (continued)
- Spoofed Packet Tracker (Was Re: SMURF amplifier block list) Jared Mauch (Apr 20)
- Message not available
- Re: SMURF amplifier block list Jay R. Ashworth (Apr 19)
- Re: SMURF amplifier block list jlixfeld (Apr 20)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 18)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 18)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list jlixfeld (Apr 20)
- Re: SMURF amplifier block list Pete Ashdown (Apr 20)
- Re: SMURF amplifier block list Jason Lixfeld (Apr 24)
- Filtering ICMP (Was Re: SMURF amplifier block list) Mark Whitis (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Marc Slemko (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Dillon (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Mark Whitis (Apr 22)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Dillon (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Shields (Apr 22)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Alex P. Rudnev (Apr 21)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) D'Arcy J.M. Cain (Apr 22)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Alex P. Rudnev (Apr 21)
- Message not available
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Eric Germann (Apr 21)