nanog mailing list archives
Re: Solution: Re: Huge smurf attack
From: Dean Anderson <dean () av8 com>
Date: Tue, 12 Jan 1999 14:31:07 -0500
Actually, I think all major providers use automatic provisioning systems which generate router configs. They don't need to rely on router vendors to set particular defaults. If all major providers made sure their provisioning systems turned off directed broadcast, a lot of the problem would go away.

So "Router defaults" is a lame excuse for ISPs. Even little ISPs have a list of things they have to set up (e.g. ip classless, subnet zero, etc.) which have "legacy" or otherwise inappropriate defaults.

And yes, some customers may in fact want or need directed broadcasts on. For example, if they are subnetting. In that case, you change it for them. I tell our customers certain things are turned off by default, and if they really want it on, they will need to ask.

Of course, the problem remains that some smurfers are undoubtedly on this list, possibly working for major providers. (This is my guess as to source of the 10.x smurf amps.)

--Dean

At 02:05 AM 1/12/1999 -0500, Brandon Ross wrote:
> On Mon, 11 Jan 1999, Daniel Senie wrote:
>
> > The proper answer to this is to disable directed broadcasts on the
> > routers themselves. It'd be helpful if routers came out of the box with
> > this feature disabled by default. Perhaps folks should talk with their
> > router vendors of choice and ask for this change. I have submitted a
> > draft into the IETF process to require this change, updating RFC 1812
> > (router requirements).
>
> I'm happy to say that progress is being made in this area. When a vendor
> comes to us for the first time, one of the things I tell them is that we
> will not buy their hardware until they ship with directed broadcast
> disabled by default. We've had a lot of success in this area, we'd have
> even more if others would do the same.
>
> Brandon Ross  Network Engineering  404-815-0770 800-719-4664
> Director, Network Engineering, MindSpring Ent., Inc.  info () mindspring com
> ICQ: 2269442
> Stop Smurf attacks! Configure your router interfaces to block directed
> broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc                  dean () av8 com
LAN/WAN/UNIX/NT/TCPIP                http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
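
The provisioning-side check discussed in this message, as an added example that is not part of the original thread: an audit of a generated config that flags every addressed interface still able to forward directed broadcasts, with an allow-list for customers who asked for it on. It assumes IOS-style syntax on a platform where directed broadcast is on unless the stanza carries `no ip directed-broadcast`; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample of a generated IOS-style config (not from the thread).
SAMPLE_CONFIG = """\
ip subnet-zero
ip classless
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 no ip directed-broadcast
!
interface Serial0/1
 ip address 198.51.100.1 255.255.255.0
!
interface Ethernet1/0
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast
!
interface Serial0/2
 shutdown
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} for an IOS-style config."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_directed_broadcast(config, approved=frozenset()):
    """List (interface, reason) pairs that can still forward directed broadcasts.

    Assumption: the feature is on unless the stanza says
    "no ip directed-broadcast", so a missing line counts as a finding.
    """
    findings = []
    for name, lines in parse_interfaces(config).items():
        if name in approved or not any(l.startswith("ip address ") for l in lines):
            continue  # customer asked for it on, or no address configured
        if "no ip directed-broadcast" not in lines:
            explicit = any(l.startswith("ip directed-broadcast") for l in lines)
            findings.append((name, "enabled explicitly" if explicit else "left at default"))
    return findings
```

Running the audit as a gate in the provisioning pipeline, with `approved` fed from the list of customer requests, keeps the default off without depending on what the router vendor ships.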