North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Smurfing

  • From: Eric Osborne
  • Date: Fri Feb 13 17:36:55 1998

This actually came up a few weeks ago - there's no way to filter outbound
ICMP for "broadcast addresses", because what defines a broadcast address 
depends on the subnetting at the receiving end.  For example, 
may be a host on, or a broadcast on
"no ip directed-broadcast" drops all IP destined for the broadcast address
_on an interface_, AFAIK.


> Don't these answers answer a different question? Isn't the question how to
> filter *outbound* attacks, not inbound ones? Filtering the inbound ones is
> pretty easy on a Bay or anything with filters (drop packets bound for the
> broadcast addresses). Filtering outbound is another story, especially with
> CIDR. I would like to set up my routers to make sure I'm protecting as much
> of the 'net as possible from attempts by my customers to do evil. However,
> it's not clear to me how to do that. Does "no ip directed-broadcast" somehow
> filter the *outbound* attacks or just the inbound ones?
> --
> Steve Hultquist, Chief Technology Officer                       HSAnet
> providing high-speed Internet access                 Boulder, Colorado
> mailto:[email protected]     +1.303.581.0800