North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: smurf

  • From: Karl Denninger
  • Date: Mon Dec 08 12:06:52 1997

On Fri, Dec 05, 1997 at 10:05:13PM -0700, Wayne Bouchard wrote:
> Okay, so I'm now blocking 45 megs of icmp echo-reply packets at my
> borders.. At one point, this was 80,000 packets/sec. (No, I'm
> not exagerating.)
> 
> 
> <SoapBox>
> 
> For anyone who has not, PLEASE DISABLE DIRECTED BROADCASTS!
> Tell a friend.. If you sell routers to clients and/or you
> configure them, include that in your default configuration.
> Encourage people to filter inbound ICMP where possible..
> Do whatever it takes to work with your customer/peers to
> put a stop to this kind of abuse. Of all the attacks to date,
> this (and the recent land.c which is a different issue together)
> threaten the most disruption of internet services. With ISDN and
> DSL, users have the bandwidth necessary to generate even more
> dangerous levels of traffic. If you don't think this issue affects
> you, it does. If you're not a target, your probably being used
> as a source.
> 
> </SoapBox>
> 
> We thank you for your support..
> 
> 
> ----------------------------------------------------------------------
> Wayne Bouchard                             GlobalCenter
> [email protected]                           
> Primenet Network Operations                Internet Solutions for
> (602) 416-6422   800-373-2499 x6422        Growing Businesses
> FAX: (602) 416-9422
> http://www.primenet.com                    http://www.globalcenter.net
> ----------------------------------------------------------------------

I suggest finding the source networks (MCI has published such a tool) and 
dropping their BGP sessions until they deal with the problem.

There is one national network in particular that IMHO doesn't give a damn
about this, and has turned their head the other way MULTIPLE times when we
have attempted to track this down.

--
-- 
Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly to FULL DS-3 Service
			     | NEW! K56Flex support on ALL modems
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost


  • References: