nanog mailing list archives
Re: Smurfing
From: Eric Osborne <osborne () notcom com>
Date: Fri, 13 Feb 1998 17:06:09 -0500 (EST)
This actually came up a few weeks ago - there's no way to filter outbound ICMP for "broadcast addresses", because what defines a broadcast address depends on the subnetting at the receiving end. For example, 10.1.1.119 may be a host on 10.1.1.0/24, or a broadcast on 10.1.1.112/29. "no ip directed-broadcast" drops all IP destined for the broadcast address _on an interface_, AFAIK.

eric
Don't these answers answer a different question? Isn't the question how to filter *outbound* attacks, not inbound ones? Filtering the inbound ones is pretty easy on a Bay or anything with filters (drop packets bound for the broadcast addresses). Filtering outbound is another story, especially with CIDR.

I would like to set up my routers to make sure I'm protecting as much of the 'net as possible from attempts by my customers to do evil. However, it's not clear to me how to do that. Does "no ip directed-broadcast" somehow filter the *outbound* attacks or just the inbound ones?

--
Steve Hultquist, Chief Technology Officer
HSAnet providing high-speed Internet access
Boulder, Colorado
mailto:ssh () HSAnet net
+1.303.581.0800
http://www.HSAnet.net/
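Added example, not part of the original messages: a short Python check of the point made in the reply, that the same destination address is a host or a directed broadcast depending on the prefix length used at the receiving end. The function names and the /8 to /30 range of candidate prefix lengths are assumptions made for this illustration.

```python
import ipaddress

def classify(addr, prefix_len):
    """Role addr plays if the receiving network uses prefix_len."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    if ip == net.broadcast_address:
        return "broadcast"
    if ip == net.network_address:
        return "network"
    return "host"

def broadcast_prefixes(addr, shortest=8, longest=30):
    """Every subnet (within the assumed range of prefix lengths) on which
    addr would be the directed-broadcast address. /31 and /32 are skipped
    because they have no distinct broadcast address."""
    return [
        ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        for plen in range(shortest, longest + 1)
        if classify(addr, plen) == "broadcast"
    ]

def ambiguous_count(block):
    """How many addresses in block are a broadcast under at least one
    candidate prefix length, i.e. cannot be ruled out by the sender."""
    return sum(1 for ip in ipaddress.ip_network(block)
               if broadcast_prefixes(str(ip)))

if __name__ == "__main__":
    # The address from the reply: host on a /24, broadcast on a /29.
    for plen in (24, 29):
        print(f"10.1.1.119 with /{plen}: {classify('10.1.1.119', plen)}")
    print("broadcast on:", [str(n) for n in broadcast_prefixes("10.1.1.119")])
    # An egress filter sees only the destination address, not the remote mask.
    print("possible broadcasts in 10.1.1.0/24:", ambiguous_count("10.1.1.0/24"))
```

Every address whose low two bits are set is the broadcast of some /30, so a sender-side filter keyed on destination address alone cannot tell such a packet from ordinary host traffic; the check has to happen on the router attached to the destination subnet, which knows the mask.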