Firewall Wizards mailing list archives
Re: Re[2]: Smurfs and fraggles
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Thu, 11 Feb 1999 14:02:17 -0800
I realize that my filter won't prevent me from getting attacked but it
will at
least prevent me from being an amplifier. Based on my understanding I
don't see
as there is a way to prevent from being attacked unless I can somehow
monitor
the rate of incoming ICMP packets and if there's some sudden spike from a certain IP address or addresses automatically filter them out. That seems
like
a fair amount of intelligence and programming to put into a router or
firewall. Nah, setting thresholds and taking some action is something that many IDS systems, and some firewalls can do. The problem is (for most people) that by the time tre traffic reaches some device you control, the damage is done. I.e. you can filter it at your access router, but your T1 is full. The attacker has to find a site with more bandwidth than you to bounce off of. Usually, most people want to detect smurf attacks so they can call the admin of the relay site and ask them to fix their config. Ryan
Current thread:
- Re: Smurfs and fraggles, (continued)
- Re: Smurfs and fraggles Barrett G. Lyon (Feb 10)
- Re: Smurfs and fraggles Arnd Vehling (Feb 10)
- Re: Smurfs and fraggles Ted Doty (Feb 11)
- Re: Re[2]: Smurfs and fraggles Dani Arbel (Feb 11)
- Re: Smurfs and fraggles Robert Graham (Feb 10)
- RE: Smurfs and fraggles John McDonald (Feb 10)
- Re[2]: Smurfs and fraggles dcostello (Feb 11)
- Re: Smurfs and fraggles Bennett Todd (Feb 11)
- Re: Smurfs and fraggles Laurent LEVIER (Feb 12)
- Re: Smurfs and fraggles Bennett Todd (Feb 17)
- Re: Smurfs and fraggles Bennett Todd (Feb 11)
- Re: Re[2]: Smurfs and fraggles Ryan Russell (Feb 11)