Re: Solution: Re: Huge smurf attack

[Steve Gibbard <scg () wwnet net>]

Speaking as an ISP with lots of small business customers who don't know
what a smurf attack is, much less why they should want to prevent them,
I've found that the easiest solution to this in dealing with customers
whose routers we don't manage is to stick in a filter on our router
upstream from them, blocking any smurfable broadcast addresses.  Most of
our customers have just one or two subnets, so that's pretty easy, but it
wouldn't scale all that well to customers with larger, more complex
networks, especially if they're changing their network configuration
somewhat frequently.  In that case, though, there's usually somebody there
who I can at least attempt to explain why open broadcast addresses are a
problem to.

-Steve

On Mon, 11 Jan 1999, Jon Lewis wrote:

> On Mon, 11 Jan 1999, Dan Hollis wrote:
>
> > due to unresponsive staff or bad ARIN contact info... but getting their
> > upstream to pull their connection out of the wall gets their 100% 
> > attention REAL quick. Response time goes from weeks to minutes.
>
> This might not be allowed under existing service contracts.  Most
> providers probably have provisions to disconnect for network abuse...but
> not for cluelessness.
>
> ----don't waste your cpu, crack rc5...www.distributed.net team enzo---
>  Jon Lewis <jlewis () fdt net>  |  Spammers will be winnuked or 
>  Network Administrator       |  nestea'd...whatever it takes
>  Florida Digital Turnpike    |  to get the job done.
> ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key________

--
Steve Gibbard
WWNet System Administration
+1 734 513-7707 x 2009
http://www.wwnet.net