nanog mailing list archives
Re: Solution: Re: Huge smurf attack
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Wed, 13 Jan 1999 20:45:10 -0500
On Mon, Jan 11, 1999 at 10:30:41PM -0500, Daniel Senie wrote:
> > OTOH, what about just declaring that X.X.X.{0,255} is off limits regardless of the network size? It would take just 2 access list entries to make those addresses in networks larger than /24 to be mostly useless. There aren't that many LANs out there that would have real non-broadcast use on these addresses, anyway. I block these coming in to my network as destinations, and I'm tempted to block them as sources, as well. Once these addresses are indeed off limits, then the next step is to get backbones to put in the access lists.
>
> No. This is not a good plan. There are indeed networks out there with supernetted LANs. I consult for a large research institution which uses /22 masks for all subnets, and heavily uses them. The chances of clobbering perfectly legitimate addresses is real. Beyond this, there are plenty of /25 networks that'll do a perfectly good job of playing smurf-amplifier. The solution isn't to apply access lists.
Since Phil's on my side of this argument, I'll jump back in. What percentage of the hosts on the internet occupy an address with a non-broadcast .0 or .255 last octet? What percentage of smurfs would be stopped by outbound filters on those octets? Which is a bigger win?

Cheers,
-- jra
--
Jay R. Ashworth                                        jra () baylink com
Member of the Technical Staff     Buy copies of The New Hackers Dictionary.
The Suncoast Freenet                  Give them to all your friends.
Tampa Bay, Florida     http://www.ccil.org/jargon/      +1 813 790 7592
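
The trade-off argued in this message, worked through as an added example (not part of the original post or of any poster's tooling): the Python below scores the proposed X.X.X.{0,255} rule against a constructed 10.0.0.0/22 block carved into /22, /24 and /25 subnets, counting usable hosts the rule would drop and subnet network/broadcast addresses it would let through. The address block, the function names, and the choice to count the all-zeros network address alongside the broadcast address are assumptions.

```python
import ipaddress


def last_octet_rule_hits(addr):
    """True if the proposed X.X.X.{0,255} access list would match addr."""
    return (int(addr) & 0xFF) in (0, 255)


def evaluate(block, prefixlen):
    """Carve `block` into subnets of `prefixlen` and score the last-octet rule.

    Returns (blocked_hosts, missed_edges, total_hosts):
      blocked_hosts - usable host addresses the rule would drop
      missed_edges  - subnet network/broadcast addresses the rule does not match
      total_hosts   - usable host addresses in the block
    """
    blocked_hosts = missed_edges = total_hosts = 0
    for subnet in ipaddress.ip_network(block).subnets(new_prefix=prefixlen):
        # Assumption: both the all-zeros and all-ones host addresses are
        # treated as directed-broadcast targets, as the .0/.255 rule implies.
        for edge in (subnet.network_address, subnet.broadcast_address):
            if not last_octet_rule_hits(edge):
                missed_edges += 1
        for host in subnet.hosts():
            total_hosts += 1
            if last_octet_rule_hits(host):
                blocked_hosts += 1
    return blocked_hosts, missed_edges, total_hosts


if __name__ == "__main__":
    BLOCK = "10.0.0.0/22"  # constructed sample block, not from the thread
    print(f"{'subnets':>8} {'hosts':>6} {'legit blocked':>14} {'edges missed':>13}")
    for plen in (22, 24, 25):
        blocked, missed, total = evaluate(BLOCK, plen)
        print(f"{'/' + str(plen):>8} {total:>6} {blocked:>14} {missed:>13}")
```

On this sample the /22 case shows the legitimate hosts that would be clobbered, and the /25 case shows the .127/.128 addresses the rule never sees.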