nanog mailing list archives
Re: Smurfing
From: "Craig A. Huegen" <chuegen () quadrunner com>
Date: Fri, 13 Feb 1998 15:58:57 -0800 (PST)
On Fri, 13 Feb 1998, Steve Hultquist wrote:

==>Don't these answers answer a different question? Isn't the question how to
==>filter *outbound* attacks, not inbound ones? Filtering the inbound ones is
==>pretty easy on a Bay or anything with filters (drop packets bound for the
==>broadcast addresses). Filtering outbound is another story, especially with
==>CIDR. I would like to set up my routers to make sure I'm protecting as much
==>of the 'net as possible from attempts by my customers to do evil. However,
==>it's not clear to me how to do that. Does "no ip directed-broadcast" somehow
==>filter the *outbound* attacks or just the inbound ones?

"no ip directed-broadcast" keeps you from being one of the intermediaries in the attack (traffic multiplier). It prevents a perpetrator from being able to multiply his traffic toward the victim, which is what makes smurf so dangerous.

Outbound spoof filtering fixes more than just the smurf attack, and is what everyone *should* be doing to protect against customers spoofing.

For now, you can place outbound ACLs on your interfaces. Some folks have reported that functionality is currently being tested for a unicast RPF check for Cisco IOS. This feature will (on a per-interface basis) allow you to specify that packets coming in on an interface must follow that interface to get back to the host. Note that this feature will not work everywhere (multihomed/first-exit environments), but will provide protection against spoofing.

/cah
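The reverse-path check described in the message above, sketched as an added Python example; it is not part of the original post and is not Cisco's implementation. The interface names, the documentation prefixes and the one-best-route-per-prefix table are constructed assumptions, chosen to show both the spoofed packet being dropped and the multihomed case the message warns about.

```python
import ipaddress

# Constructed forwarding table: (prefix, interface the best route exits through).
# 198.51.100.0/24 belongs to a multihomed customer attached on cust1, but this
# router's best path back to it goes via peer0 (asymmetric / first-exit routing).
FIB = [(ipaddress.ip_network(p), ifc) for p, ifc in (
    ("192.0.2.0/24", "cust0"),
    ("198.51.100.0/24", "peer0"),
    ("0.0.0.0/0", "upstream0"),
)]


def best_route(fib, addr):
    """Longest-prefix match: return the exit interface for addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in fib if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def urpf_accept(fib, src, in_ifc):
    """Strict reverse-path check: accept a packet only if the route back to
    its source address leaves through the interface it arrived on."""
    return best_route(fib, src) == in_ifc


# Constructed sample packets: (source address, arrival interface, note).
PACKETS = [
    ("192.0.2.10", "cust0", "customer using its own address"),
    ("203.0.113.7", "cust0", "customer spoofing a foreign source"),
    ("198.51.100.5", "cust1", "legitimate multihomed customer"),
    ("203.0.113.7", "upstream0", "transit traffic via default route"),
]

if __name__ == "__main__":
    for src, ifc, note in PACKETS:
        verdict = "accept" if urpf_accept(FIB, src, ifc) else "drop"
        print(f"{verdict:6} src={src:<13} in={ifc:<9} ({note})")
```

The third packet is legitimate yet dropped, which is the multihomed/first-exit limitation: on such interfaces an explicit ACL listing the customer's prefixes is the fallback.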