Firewall Wizards mailing list archives
Re: Re[2]: Smurfs and fraggles
From: Dani Arbel <darbel () techunix technion ac il>
Date: Thu, 11 Feb 1999 08:18:38 +0200 (IST)
Hi! Well , you should do that. This will not defend you from being the attacked site. In smurf attack, host a from site A sends an icmp echo req. to the broadcast address of site B with a spoofed ip source, the ip of the victim. Thus all nodes at B flood the victim with echo replies to an echo request he never sent. The point is that this attack would probebly degrade your WAN link, and not choke the victim host. Blocking the broadcast address is done easily on a cisco router (no direct broadcast). Blocking the attack is problematic, you need to use a traffic shaper machine on the remote side of your WAN link and restric the bandwidth of icmp (and maybe ip ?) echo . Dani On Wed, 10 Feb 1999 dcostello () cmol com wrote:
If I understand this correctly would a simple solution be to filter all incomming broadcasts? Would it just be a matter of setting up a filter on the router to drop all incomming packets with a destination address of xxx.xxx.xxx.255 where xxx.xxx.xxx is my network address? Is there a reason I wouldn't want to do this? ____________________Reply Separator____________________ Subject: Re: Smurfs and fraggles Author: Joe Kelly <jkelly () eagle1 osaccess net> Date: 2/9/99 3:06 PM Dave, What kind of routers are you running? If you have ciscos, you can use a function called CAR to rate limit inbound ICMP. Fraggle attacks are a bit trickier as they tend to be aimed at random UDP ports, and don't usually consume as much bandwidth. With fraggles, it's the packets per second that kill you. Back in my IDT days, I had to fend off many of these attacks. Check out the Nanog archives http://www.nanog.org. Also check out http://www.merit.edu/ipma/docs/isp.html#abuse. This is off nanog's page, and provides many useful links. Probably one of the easiest ways to prevent these attacks is to outsource your IRC server. Good luck! Let me know if you have any other questions. Joe Kelly Ex-network Engineer IDT Corp. Speaking for myself On Mon, 8 Feb 1999 dcostello () cmol com wrote:Does anyone have information on this DOS attack and how to guard against it?
Current thread:
- Smurfs and fraggles dcostello (Feb 09)
- <Possible follow-ups>
- Re: Smurfs and fraggles Rick Murphy (Feb 10)
- Re[2]: Smurfs and fraggles dcostello (Feb 10)
- Re: Smurfs and fraggles Barrett G. Lyon (Feb 10)
- Re: Smurfs and fraggles Arnd Vehling (Feb 10)
- Re: Smurfs and fraggles Ted Doty (Feb 11)
- Re: Re[2]: Smurfs and fraggles Dani Arbel (Feb 11)
- Re: Smurfs and fraggles Robert Graham (Feb 10)
- RE: Smurfs and fraggles John McDonald (Feb 10)
- Re[2]: Smurfs and fraggles dcostello (Feb 11)
- Re: Smurfs and fraggles Bennett Todd (Feb 11)
- Re: Smurfs and fraggles Laurent LEVIER (Feb 12)
- Re: Smurfs and fraggles Bennett Todd (Feb 17)
- Re: Smurfs and fraggles Bennett Todd (Feb 11)
- Re: Re[2]: Smurfs and fraggles Ryan Russell (Feb 11)