nanog mailing list archives

Re: Smurfing

From: Kevin Houle <kevin () netins net>
Date: Fri, 13 Feb 1998 16:13:49 -0600 (CST)

On Fri, 13 Feb 1998 11:51:29 -0800 (PST)
"Craig A. Huegen" <chuegen () quadrunner com> wrote:

http://www.quadrunner.com/~chuegen/smurf.txt

With Bay Networks, you must set a false static ARP for the broadcast
address and then it will not send directed broadcasts.  A Bay SE tells me
that an option to disable directed broadcasts is being implemented and
will be in a major release expected around April.


The take the false static ARP concept a little further, I've
been advised to use a fake adjacent host entry to accomplish
this. A Bay SE sent this to me today :

"In order to protect a directly connected network from being a 
smurf launch point, you can configure an Adjacent Host for the 
broadcast address (if the network is a /24 than the broadcast 
addresses would be x.x.x.0 and x.x.x.255) with a bogus MAC address. 
This will cause the smurf traffic to be sent to that bogus MAC 
address which result in NO ONE replying to the smurf."

We originally were advised to use a blackhole static route,
but that does not take precedence over a directly connected
route in the route table.

Kevin

Current thread:

Smurfing Alex Rubenstein (Feb 13)
- Re: Smurfing Charles Sprickman (Feb 13)
  - Re: Smurfing Eric Osborne (Feb 13)
  - Re: Smurfing Craig A. Huegen (Feb 13)
    - Re: Smurfing Kevin Houle (Feb 15)
    - Re: Smurfing Phillip Vandry (Feb 16)
  - Re: Smurfing Brian Wallingford (Feb 13)
  - Re: Smurfing Randy Bush (Feb 13)
    - Re: Smurfing Tatsuya Kawasaki (Feb 16)
    - Re: Smurfing Alex Bligh (Feb 16)
- <Possible follow-ups>
- Re: Smurfing Joe Provo - Network Architect (Feb 13)
- Re: Smurfing Steve Hultquist (Feb 13)
  - Re: Smurfing Eric Osborne (Feb 13)
  - Re: Smurfing Deepak Jain (Feb 13)
  - Re: Smurfing Havard . Eidnes (Feb 13)

(Thread continues...)