nanog mailing list archives
Re: Filtering ICMP (Was Re: SMURF amplifier block list)
From: Michael Dillon <michael () memra com>
Date: Mon, 20 Apr 1998 23:12:46 -0700 (PDT)
On Tue, 21 Apr 1998, Mark Whitis wrote:
Really, you should filter the known broadcast addresses of your downstream networks with the cooperation of those networks.
Exactly! You can run your own tests for likely broadcast addresses and if you find an open broadcast address you should contact the downstream network and ask if they can block directed broadcasts and if they can't then you should get their permission to filter traffic to the open broadcast address and regardless of their permission you should contact the vendor of their equipment to inquire why the equipment is broken and unsuitable for use on the Internet. And it would be nice to forward any vendor info to Craig Huegen chuegen () quadrunner com so he can update his SMURF document and submit it for publication as an informational RFC with all the vendor info in place.
What I was objecting to was the idea that some ISP would get the idea that it was a good idea to filter all .255 destined traffic passing through their network
Yuk!
Actually, even if they don't know the subnet structure before hand, they will discover this, as far as is relevent to smurfing, when they perform a smurf scan on their own CIDR blocks. Any address that results in multiple smurf type echo replies from different addresses would be considered a broadcast address; any that didn't, wouldn't.
Exactly! And by cleaning up your downstream vulnerabilities you reduce the chances that your entire address space will be blocked by other network operators. -- Michael Dillon - Internet & ISP Consulting http://www.memra.com - E-mail: michael () memra com
Current thread:
- Re: SMURF amplifier block list, (continued)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 18)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list jlixfeld (Apr 20)
- Re: SMURF amplifier block list Pete Ashdown (Apr 20)
- Re: SMURF amplifier block list Jason Lixfeld (Apr 24)
- Filtering ICMP (Was Re: SMURF amplifier block list) Mark Whitis (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Marc Slemko (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Dillon (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Mark Whitis (Apr 22)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Dillon (Apr 20)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Shields (Apr 22)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Alex P. Rudnev (Apr 21)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) D'Arcy J.M. Cain (Apr 22)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Alex P. Rudnev (Apr 21)
- Message not available
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Eric Germann (Apr 21)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Jason Lixfeld (Apr 24)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Pete Ashdown (Apr 24)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Richard Irving (Apr 24)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Brandon Ross (Apr 26)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Dillon (Apr 24)