Re: [nsp] known networks for broadcast ping attacks

["Jay R. Ashworth" <jra () scfn thpl lib fl us>]

On Wed, Jul 30, 1997 at 07:56:11PM +0100, Alex.Bligh wrote:
> Urm, 192.41.177.255 is the MAE-East LAN ?! Are you saying attacks are
> being mounted from here or people are attacking this LAN (not
> sure which is more worrying)

What he's saying is that someone is mounting broadcast ping flooding
attacks with forged source addresses which make them appear to be
coming from MAE-East, among other places.

He correctly notes that this _must_ be fixed at the boundary routers.

Network operators: _please_ make sure your boundary routers do not
allow you to send packets upstream which have source addresses on them
which are not on your networks.  Filters are your friend.  A source
address of 127.anything is pretty uncool, too, as are broadcast
addresses... although those can be harder to figure out nowadays.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "People propose, science studies, technology
Tampa Bay, Florida          conforms."  -- Dr. Don Norman      +1 813 790 7592