nanog mailing list archives

Re: Smurfing


From: Dean Anderson <dean () av8 com>
Date: Mon, 16 Feb 1998 11:50:21 -0500

On Fri, 13 Feb 1998, Dean Anderson wrote:

If the ICMP packet is permitted in to the internal network then it
doesn't matter where the network is, only that it have sufficient
bandwidth to generate the necessary traffic out to the border (from
the smurfer's POV).  This is why it needs to be turned off on all
LAN segments (assuming it isn't used for other things).

If you enable broadcast forwarding on a Cisco, that's true. But you should
have access filters in place at your borders to prevent directed broadcasts
to your networks and subnets.

Internally, directed broadcasts are (often) used.  The main thing is to
prevent others from using them, either unnecessarily, or maliciously.

How often is SNMP host discovery done?

It's configurable. I think the default shipped is every 15 minutes.  I
usually turn it down to once a day.

Can't HPOV be directed to just
discover on a specific network?

It can, and in fact it should be. But if you have turned off forwarding
directed broadcasts on that network, it won't work.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
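
The border filtering described in the message above, as an added example that is not part of the original post: it derives the directed-broadcast destinations for each internal subnet and classifies inbound packets the way a border access filter would. The subnets, addresses and function names are constructed for illustration (documentation ranges), and it shows why the filter has to follow the actual subnet masks rather than only the classful broadcast address.

```python
import ipaddress

# Constructed address plan using documentation ranges (not from the post).
INTERNAL_SUBNETS = ["192.0.2.0/26", "192.0.2.64/26", "198.51.100.0/24"]

def directed_broadcast_targets(subnets):
    """Map every directed-broadcast destination to the subnet it would hit.

    Covers the all-ones broadcast and the all-zeros network address, which
    some older IP stacks also treat as a broadcast.
    """
    targets = {}
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen >= 31:  # /31 and /32 have no broadcast address
            continue
        targets[net.broadcast_address] = net
        targets[net.network_address] = net
    return targets

def classify(dst, targets):
    """Verdict for a packet arriving on the outside interface of the border."""
    hit = targets.get(ipaddress.ip_address(dst))
    if hit is not None:
        return "deny (directed broadcast to %s)" % hit
    return "permit"

# Constructed inbound ICMP echo requests seen at the border: (source, destination).
SAMPLE_INBOUND = [
    ("203.0.113.9", "192.0.2.63"),      # broadcast of 192.0.2.0/26
    ("203.0.113.9", "192.0.2.64"),      # network address of 192.0.2.64/26
    ("203.0.113.9", "198.51.100.63"),   # ordinary host inside the /24
    ("203.0.113.9", "198.51.100.255"),  # broadcast of 198.51.100.0/24
    ("203.0.113.9", "192.0.2.10"),      # ordinary host
]

def run(sample=SAMPLE_INBOUND, subnets=INTERNAL_SUBNETS):
    """Classify each sample packet against the derived broadcast targets."""
    targets = directed_broadcast_targets(subnets)
    return [(src, dst, classify(dst, targets)) for src, dst in sample]

if __name__ == "__main__":
    for src, dst, verdict in run():
        print("%-14s -> %-15s %s" % (src, dst, verdict))
```

Because the filter applies only to packets arriving from outside, internal use of directed broadcasts, such as management-station discovery, is unaffected.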



