nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: traffic filtering

From: Avleen Vig <lists-nanog () silverwraith com>
Date: Tue, 22 Jan 2002 01:47:47 +0000 (GMT)

On Mon, 21 Jan 2002, Stephen Griffin wrote:


Is this type of filtering common? What alternate solutions are available
to mitigate (I'm assuming) concerns about smurf amplifiers, that still
allow traffic to/from legitimate addresses. What rationale is used to
filter all traffic to network/broadcast addresses of /24 networks while
ignoring network/broadcast of /25-/30? For that matter, what percentage
of smurf amplifiers land on /24 boundaries?


As of last Monday / Tuesday, approximately 45% of all smurf amplifiers in
the RIPE region had addresses ending in .0 or .255 [1].
I'm unsure about ARIN / APNIC IP space.

I would certainly hope the kind of filtering you mention is uncommon :)
If you filter on your ingress, packets who destination address ends in .0
or .255, and you are a smurf amplifier, you're only stalling the
inevitable.
The best course of action is to fix the smurf amplifier itself :)
Check http://www.ircnetops.org/smurf/faq.php if you need to do this.

Regards,



[1] = Data provided by SAFE (http://www.ircnetops.org/smurf)


-- 
Avleen Vig
Network Security Officer
Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf
Previous By Date Next
Previous By Thread Next

Current thread: