|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: smurf
Mike Hedlund wrote: > [snip] > Well.. the main problem with smurf is that as far as i know, it uses the > reply from a broadcast. that will rule out tcp unless they send a direct > flow from the attackers box to the destination/victims box. For UDP, > you would have to send it to a broadcast, and also hope there is a udp > service listening (ie.. a test program i wrote sent 1 udp broadcast to > 198.32.136.255:7 and received a whole bunch of replies.. turn off small > services on routers would be helpfull.. :)). You could also do that to > any network, the point being.. its easier to disable simple udp services > then to setup filters on border routers.. > > -mike I guess that depends upon how many border routers you have :) It would also help to filter outgoing traffic from your network to ensure you do not become the unwitting source of a smurf attack.. -- Leigh Porter
|