nanog mailing list archives
Re: Solution: Re: Huge smurf attack
From: "Craig A. Huegen" <chuegen () quadrunner com>
Date: Tue, 12 Jan 1999 11:01:04 -0800
On Tue, Jan 12, 1999 at 01:11:09PM -0500, Steve Gibbard wrote: ==>On Tue, 12 Jan 1999 danderson () lycos com wrote: ==> ==>> I'm not sure what the big issue here is with the smurf attacks. If you set ==>> up some kind of access list that disables incoming icmp traffic, then turn ==> ==>That breaks path MTU discovery (see RFC 1435 for more info on that), among ==>other things. Two choices: access-list 101 deny icmp any any echo access-list 101 deny icmp any any echo-reply access-list 101 permit icmp any any -or- access-list 101 permit icmp any any packet-too-big access-list 101 deny icmp any any Neither of these is a particularly elegant solution because they block troubleshooting tools such as ping and traceroute. CAR works well to provide these troubleshooting services during normal operations and to help suppress attacks. /cah
Current thread:
- Re: Solution: Re: Huge smurf attack danderson (Jan 12)
- Re: Solution: Re: Huge smurf attack Dalvenjah FoxFire (Jan 12)
- Re: Solution: Re: Huge smurf attack Steve Gibbard (Jan 12)
- Re: Solution: Re: Huge smurf attack Craig A. Huegen (Jan 12)
- <Possible follow-ups>
- Re: Solution: Re: Huge smurf attack Dean Anderson (Jan 12)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 12)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 12)
- Re: Solution: Re: Huge smurf attack Phil Howard (Jan 13)
- Re: Solution: Re: Huge smurf attack Alex P. Rudnev (Jan 13)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 13)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 13)
- Message not available
- Re: Solution: Re: Huge smurf attack Peter Swedock (Jan 14)
- Re: Solution: Re: Huge smurf attack Alex P. Rudnev (Jan 14)
- Re: Solution: Re: Huge smurf attack Joe Shaw (Jan 14)