nanog mailing list archives
Re: Smurfing
From: "Craig A. Huegen" <chuegen () quadrunner com>
Date: Fri, 13 Feb 1998 22:57:30 -0800 (PST)
On Sat, 14 Feb 1998, William Allen Simpson wrote: ==>Wow, I was glad to see that all these wonderful folks are reading the ==>router requirements (RFC-1812, June 1995). Good, good. ==> ==>What I'd like to understand is how smurf attacks can work, even with ==>directed broadcast on? Isn't there a requirement (RFC-1122) from ages ==>past (October 1989) that ICMP not respond to broadcast or multicast ==>[page 38 et seq]? Nope. RFC 1122[1] says (also in my paper =): --- An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded. DISCUSSION: This neutral provision results from a passionate debate between those who feel that ICMP Echo to a broadcast address provides a valuable diagnostic capability and those who feel that misuse of this feature can too easily create packet storms. --- Most stack implementors have chosen to respond to it because of its troubleshooting value; then again, the date of the RFC shows why many folks would tend to believe the threat of the attack wouldn't be very large. /cah [1] RFC-1122, "Requirements for Internet Hosts - Communication Layers"; R.T. Braden; October 1989.
Current thread:
- Re: Smurfing, (continued)
- Re: Smurfing Dean Anderson (Feb 13)
- Re: Smurfing ken emery (Feb 13)
- Re: Smurfing Dean Anderson (Feb 16)
- Message not available
- Re: Smurfing Jay R. Ashworth (Feb 13)
- Re: Smurfing Craig A. Huegen (Feb 13)
- Re: Smurfing David J. Schmidt (Feb 15)
- Re: Smurfing Steve Camas (Feb 15)
- Re: Smurfing Jon Lewis (Feb 15)
- Re: Smurfing Craig A. Huegen (Feb 13)
- Re: Smurfing Craig A. Huegen (Feb 13)
- Re: Smurfing Michael Shields (Feb 15)
- Re: Smurfing Dean Anderson (Feb 16)