nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SMURF amplifier block list

From: Dean Anderson <dean () av8 com>
Date: Sat, 18 Apr 1998 15:31:48 -0400
At 3:21 PM -0400 4/18/98, Alex P. Rudnev wrote:

During an in progress attack, you probably have to take extreme measures,

Do you remember - it's not attack against you or attack by some of your
customer's networks used as amplifier, but the attack initiated from your
own network. You never note such thing withouth some permanent
measurement.

It's why we saw this 100% helpless against the SMURF's.


But to protect your own network, all you need is the access rule I gave.
You know your own broadcast address and netmask, and can put in a rule to
block.

You just can't block the presumed broadcast address used by other peoples
networks.

Logging attempted attacks which are blocked can't really be done with a
cisco.  You need something to monitor the line coming in.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
           We Make IT Fly!                (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Previous By Date Next
Previous By Thread Next

Current thread: