nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Internet-draft on DDOS defense...

From: Brandon Ross <bross () netrail net>
Date: Thu, 11 May 2000 22:23:48 -0400 (EDT)

On Thu, 11 May 2000, Vipul Shah wrote:


The solution suggested by RFC2644 is for routers only, while the
proposed solution is intended for end-nodes. 

If DDoS Smurf attack is generated using local broadcast, RFC2644
solution won't prevent the attack. Read carefully the last paragraph of
Section 1 of the draft. 


Another point that hasn't been mentioned in this thread is that this type
of attack is very easy to track down, since all the echo-reply packets
will have addresses in the same subnet.  A good portion of the problem
with smurf attacks is not so much the attack itself as the painful process
of tracking it to it's source.

Brandon Ross                                                 404-522-5400
VP Engineering, NetRail                            http://www.netrail.net
AIM:  BrandonNR                                             ICQ:  2269442
Read RFC 2644!
Stop Smurf attacks!  Configure your router interfaces to block directed
broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
Previous By Date Next
Previous By Thread Next

Current thread: