North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Smurfing

  • From: Havard.Eidnes
  • Date: Fri Feb 13 18:16:14 1998


getting Smurfing "under control" takes two things:

 o All router administrators on the immediately reachable
   Internet needs to turn off directed broadcasts on their router
   interfaces.  It's conceivable that "a significant portion of
   all" would do as well, but the magnitude of this problem
   boggles the mind.  First of all, we'd need to distribute the
   appropriate amount of clue to all the corners of the net where
   this needs to happen.  Maybe, just maybe, we'll get there
   sometime (I'm an optimist!).

 o Making sure source IP address spoofing isn't as easily done as
   it is now.  Also an easy one, right? ;-)

   Anyone have any idea where most of the attacks originate:
   dial-up ports or from folks more directly connected to the
   net?  (I'd bet on a happy mix ;-)

   Equipment providers can offer some help here in offering an
   effective and efficient knob which can do the equivalent of
   "RPF"ing on unicast traffic (if you don't have a route back to
   the source and the route doesn't point to the incoming
   interface for the packet, drop it on the floor).  Obviously,
   this assumes symmetric traffic patterns, which are typical at
   the edges of the network but not quite so typical in our/your
   modern backbone networks.

 o While we struggle with the above two, at least some service
   providers need to become more responsive in tracking these
   sort of events back to their real source.  No names mentioned,
   none forgotten.

 o Lastly, I think that better tools are needed to track this
   sort of attacks back to their source (?).

I'm not saying these battles should not be fought; far from it,
but it's probably going to take a while before any of these can
have any significant effect on the problem.

- H�vard