nanog mailing list archives
Re: Solution: Re: Huge smurf attack
From: Daniel Senie <dts () senie com>
Date: Wed, 13 Jan 1999 20:37:28 -0500
Brett Frankenberger wrote:
:: Brandon Ross writes ::Doing something like this, similar to the serveral suggestions to filter all .0 and .255 addresses, is an attempt to fix the symptom instead of the real problem.So is forcing vendors to make the equivalent of "no ip directed-broadcast" the default. The problem is that dolts configure routers. The symptom is "ip directed-broadcast" is configured (or not unconfigured) where is shouldn't be.
Actually, several vendors came to the conclusion they should change the default on their own... But, as customers of the router and networking equipment vendors, the choice IS ultimately yours. If you have specific needs, then ask for them. If you feel that routers which can filter RFC1918 addresses at your peering points, at wire speed without croaking is important to you and your neighbor ISPs, then ask for it. Such things CAN be built, if someone expresses a desire to buy.
(For the record, I agree with you on blocking ICMPs and blocking .0/.255 ... both are bad ideas. But so is forcing vendors to violate the router requirements RFC. If we (the internet community) want directed broadcasts to be dropped by default, we should get off our collective duffs and change the RFC.)
On the subject of changing the RFC, I had been thinking about submitting a draft on this subject for a while, and did submit one yesterday. See <draft-senie-directed-broadcast-00.txt> on your favorite document mirror site. I guess that qualifies as getting off my duff. Please read the document and send me comments. Dan -- ----------------------------------------------------------------- Daniel Senie dts () senie com Amaranth Networks Inc. http://www.amaranthnetworks.com
Current thread:
- Re: Solution: Re: Huge smurf attack, (continued)
- Re: Solution: Re: Huge smurf attack Ray Everett-Church (Jan 14)
- Re: Solution: Re: Huge smurf attack Phil Howard (Jan 14)
- Re: Solution: Re: Huge smurf attack Daniel Senie (Jan 14)
- Re: Solution: Re: Huge smurf attack Phil Howard (Jan 14)
- Re: Solution: Re: Huge smurf attack Robbie Honerkamp (Jan 14)
- Re: Solution: Re: Huge smurf attack Dean Anderson (Jan 12)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 12)
- Re: Solution: Re: Huge smurf attack danderson (Jan 12)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 12)
- Re: Solution: Re: Huge smurf attack Brett Frankenberger (Jan 13)
- Re: Solution: Re: Huge smurf attack Daniel Senie (Jan 13)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 12)
- Re: Solution: Re: Huge smurf attack danderson (Jan 13)
- Re: Solution: Re: Huge smurf attack Harold Willison (Jan 14)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 14)
- Re: Solution: Re: Huge smurf attack Steven J. Sobol (Jan 16)
- Re: Solution: Re: Huge smurf attack Steven J. Sobol (Jan 16)
- Re: Solution: Re: Huge smurf attack Alex P. Rudnev (Jan 16)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 14)