nanog mailing list archives
Re: source filtering
From: Daniel Senie <dts () senie com>
Date: Tue, 12 Jan 1999 14:38:55 -0500
"Craig A. Huegen" wrote:
On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh wrote: ==>Is UDP smurf much in evidence? (send a UDP packet to the broadcast address ==>on the echo server port and you'll either get ICMP port unreachables ==>back or UDP echos). The reason I ask is that edge ICMP rate ==>limiting won't help UDP. People are still preferring ICMP smurfs as the reflection is usually greater. With that said, you can use a line like the following to filter UDP echo smurfs at the network border; it won't affect other UDP traffic. access-list 101 permit udp any eq 7 any
A side effect of the above filter is that it'll interfere with some web caches. Now mind you I'm not sure that's a bad thing or a good thing, it's just how it is. Whomever came up with using the UDP echo port as part of a web cache's operation must have had no ops experience on the Internet. The web cache packets are recognizable by having a source port of 3130 and destination port of 7. Since I care more about preventing attacks than I do about web caches, I allow these to be blocked. Dan -- ----------------------------------------------------------------- Daniel Senie dts () senie com Amaranth Networks Inc. http://www.amaranthnetworks.com
Current thread:
- source filtering Jared Mauch (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Jared Mauch (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Dan Hollis (Jan 12)
- Re: source filtering Craig A. Huegen (Jan 12)
- Re: source filtering Craig A. Huegen (Jan 12)
- Re: source filtering Dan Hollis (Jan 12)
- Re: source filtering Daniel Senie (Jan 12)
- Re: source filtering Jared Mauch (Jan 12)
- Re: source filtering Dalvenjah FoxFire (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Phillip Vandry (Jan 12)
- <Possible follow-ups>
- Re: source filtering prue (Jan 12)
- Re: source filtering Alex P. Rudnev (Jan 13)
- RE: source filtering Scott McGrath (Jan 13)
- Message not available
- Re: source filtering Tony Tauber (Jan 13)
- Message not available
- Re: source filtering Jay R. Ashworth (Jan 16)
- Message not available
- Re: source filtering Tony Tauber (Jan 17)
- Message not available