Re: Smurfing

[ken emery <ken () cnet com>]

On Fri, 13 Feb 1998, Dean Anderson wrote:

> At 5:52 PM -0500 2/13/98, Randy Bush wrote:
> > >  o All router administrators on the immediately reachable
> > >    Internet needs to turn off directed broadcasts on their router
> > >    interfaces.  It's conceivable that "a significant portion of
> > >    all" would do as well, but the magnitude of this problem
> > >    boggles the mind.  First of all, we'd need to distribute the
> > >    appropriate amount of clue to all the corners of the net where
> > >    this needs to happen.  Maybe, just maybe, we'll get there
> > >    sometime (I'm an optimist!).
> >
> > why should this not have become the default mode for all vendor diustributed
> > router code?
>
> Because routers used by regular companies on their intranets generally need
> to propogate directed broadcasts so that protocols and software that use
> directed broadcasts in a subnetted environment will work properly. Its only
> at the borders of other companies (such as ISP's) that directed broadcasts
> have to be turned off.
 
If the ICMP packet is permitted in to the internal network then it 
doesn't matter where the network is, only that it have sufficient 
bandwidth to generate the necessary traffic out to the border (from 
the smurfer's POV).  This is why it needs to be turned off on all 
LAN segments (assuming it isn't used for other things).

> Even ISP's that use things like HPOV SNMP host discovery internally need to
> permit internal directed broadcasts.  But they shouldn't go outside your
> network, and you probably don't want them coming in from the outside to
> your internal network.
 
How often is SNMP host discovery done?  Can't HPOV be directed to just 
discover on a specific network?

bye,
ken emery