nanog mailing list archives
Re: Solution: Re: Huge smurf attack
From: Brandon Ross <bross () mindspring net>
Date: Wed, 13 Jan 1999 02:20:29 -0500 (EST)
On Tue, 12 Jan 1999, Dean Anderson wrote:
Actually, I think all major providers use automatic provisioning systems which generate router configs. They don't need to rely on router vendors to set particular defaults. If all major providers made sure their provisioning systems turned off directed broadcast, a lot of the problem would go away. So "Router defaults" is a lame excuse for ISP's. Even little ISP's have a list of things they have to setup, (eg ip classless, subnet zero, etc) which have "legacy" or otherwise inappropriate defaults.
We don't ask our vendors to provide equipment with directed broadcast turned off by default for our own use or use by any clueful operator. The reason we require directed broadcast to be turned off by default is so that when a less-than-clueful operator gets a hold of the same box, they don't become yet another smurf amplifier that ends up being used to attack us. If and when I have the leverage with a vendor to get this implemented, I use it, every single time. Brandon Ross Network Engineering 404-815-0770 800-719-4664 Director, Network Engineering, MindSpring Ent., Inc. info () mindspring com ICQ: 2269442 Stop Smurf attacks! Configure your router interfaces to block directed broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
Current thread:
- Re: Solution: Re: Huge smurf attack danderson (Jan 12)
- Re: Solution: Re: Huge smurf attack Dalvenjah FoxFire (Jan 12)
- Re: Solution: Re: Huge smurf attack Steve Gibbard (Jan 12)
- Re: Solution: Re: Huge smurf attack Craig A. Huegen (Jan 12)
- <Possible follow-ups>
- Re: Solution: Re: Huge smurf attack Dean Anderson (Jan 12)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 12)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 12)
- Re: Solution: Re: Huge smurf attack Phil Howard (Jan 13)
- Re: Solution: Re: Huge smurf attack Alex P. Rudnev (Jan 13)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 13)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 13)
- Message not available
- Re: Solution: Re: Huge smurf attack Peter Swedock (Jan 14)
- Re: Solution: Re: Huge smurf attack Alex P. Rudnev (Jan 14)
- Re: Solution: Re: Huge smurf attack Joe Shaw (Jan 14)
- Re: Solution: Re: Huge smurf attack David Lesher (Jan 14)
- Re: Solution: Re: Huge smurf attack David Lesher (Jan 14)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 14)