|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)
On Sat, Dec 27, 1997 at 05:54:08PM -0500, Dorian R. Kim wrote: > On Sat, Dec 27, 1997 at 03:25:11PM -0700, Darin Wayrynen wrote: > > > > I had to modify code to parse the password file. I did not try to > > determine if this was because I wasn't using the recommended > > hardware/software platform, or because the tool was created to work > > with a MCI specific environment. > > While I can't comment on this specific problem, MCI's dostracker doesn't > work if you are running DCEF. This makes dostracker useless in many > networks. > > -dorian Then you damn well better not be permitting any of the following: 1) Forged source addresses (this CAN be stopped with specific filters on your interfaces, although some will bitch about the performance impact - depending on their specific choices) 2) Directed broadcasts (which are used to "create" these DOS attacks by bouncing the attack off a particularly-well-connected location, USUALLY a provider's internal infrastructure). Block both of those and Smurfs would disappear. If you can trace the TRUE source of such an attack quickly, people will go to jail for this. The only reason they are popular is because the source addresses CAN be forged. THIS CAN BE PREVENTED. -- -- Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex support on ALL modems Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
|