nanog mailing list archives

Re: SMURF amplifier block list


From: Dean Anderson <dean () av8 com>
Date: Tue, 14 Apr 1998 01:15:51 -0400

You're right that all BGP would do is block traffic to that network. But it
does block *all* traffic to that network. Once the attack is started, it
must either be stopped at the source, or by inbound packet filters.

Not that I'm defending it as a completely effective method, but presumably
some of the customers of the smurfable network have the off-hours access
numbers to the NOC of the smurfing network, once they notice their
connectivity to elsewhere is lost.  Adding a route to a route filter at a
high enough level ought to get some quick attention from the smurfing
network operator.  Especially if it's their upstream that blocked them.
Things actually break for them, as opposed to just higher network load.

It also prevents your own disgruntled users from launching a smurf attack
against other users on your net, since they won't be able to reach those
networks. At least, not from your machines.

Also, it will prevent a person from launching an attack if someone is
filtering between them and the network.

And it has the advantage of being automatically updated, once a change is
made to the master list.

And I think a route blackhole is probably faster than a permission list.
Not positive, though.

Anyway, I'll offer a site to host the list, and redistribute the list in
hopefully convenient forms.  Several people have already volunteered to
help, so it's up to you folks to ask for and/or implement convenient forms
of distribution.  Whether you want to block all ingress by hand, or just
general connectivity by BGP or some other method is up to you. It is
possible to do both, or neither. The important thing is to get a list and
maintain it.  I think we can dump the list into several different forms for
distribution.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
           We Make IT Fly!                (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
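
The message above proposes dumping one master list into several forms for distribution. As an added example (not part of the original post, and not any project's own tooling), the sketch below validates a constructed master list, aggregates it, and emits both a blackhole-route form and an inbound packet-filter form. The Cisco IOS-style output syntax, the ACL number 101, the list file format and the minimum prefix length guard are assumptions.

```python
import ipaddress

# Constructed sample master list (RFC 5737 documentation prefixes, not real data).
SAMPLE_MASTER_LIST = """\
# prefix          comment
192.0.2.0/25      constructed entry
192.0.2.128/25    adjacent to the entry above, will be merged
198.51.100.0/24
198.51.100.64/26  already covered by the /24
203.0.113.7/24    host bits set, rejected
not-a-prefix
"""

MIN_PREFIX_LEN = 8  # assumption: refuse anything broader, so one bad line cannot blackhole half the net


def parse_master_list(text):
    """Return (aggregated IPv4 networks, rejected tokens) from the list text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        token = line.split()[0]
        try:
            net = ipaddress.IPv4Network(token, strict=True)
        except ValueError:
            rejected.append(token)
            continue
        if net.prefixlen < MIN_PREFIX_LEN:
            rejected.append(token)
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected


def as_null_routes(nets):
    """Static blackhole routes: drops all traffic *to* the listed networks."""
    return [f"ip route {n.network_address} {n.netmask} Null0" for n in nets]


def as_ingress_acl(nets, acl=101):
    """Inbound filter: drops packets *sourced from* the listed networks only."""
    lines = [f"access-list {acl} deny ip {n.network_address} {n.hostmask} any" for n in nets]
    return lines + [f"access-list {acl} permit ip any any"]


if __name__ == "__main__":
    nets, rejected = parse_master_list(SAMPLE_MASTER_LIST)
    print("\n".join(as_null_routes(nets) + as_ingress_acl(nets)))
    print("rejected:", rejected)
```

Rejected entries are returned rather than silently dropped so that whoever maintains the master list can review them before a new version is redistributed.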



