North American Network Operators Group


Re: Smurfing

  • From: Dean Anderson
  • Date: Mon Feb 16 12:25:53 1998

>On Fri, 13 Feb 1998, Dean Anderson wrote:

>If the ICMP packet is permitted in to the internal network then it
>doesn't matter where the network is, only that it have sufficient
>bandwidth to generate the necessary traffic out to the border (from
>the smurfer's POV).  This is why it needs to be turned off on all
>LAN segments (assuming it isn't used for other things).

If you enable broadcast forwarding on a Cisco, that's true. But you should
have access filters in place at your borders to prevent directed broadcasts
to your networks and subnets.

Internally, directed broadcasts are (often) used.  The main thing is to
prevent others from using them, either unnecessarily, or maliciously.

>How often is SNMP host discovery done?

It's configurable. I think the default shipped is every 15 minutes.  I
usually turn it down to once a day.

>Can't HPOV be directed to just
>discover on a specific network?

It can, and in fact it should be. But if you have turned off forwarding
directed broadcasts on that network, it won't work.

		--Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  [email protected]
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
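
Added example, not part of the original message: a short Python sketch of the border filter the message recommends. It derives the directed-broadcast addresses for a list of internal subnets and emits extended access-list entries that drop inbound traffic addressed to them. The subnet list, the ACL number 110 and the choice to also block the all-zeros (old-style) broadcast address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: internal subnets behind the border (documentation ranges).
INTERNAL_SUBNETS = ["192.0.2.0/26", "192.0.2.64/26",
                    "198.51.100.0/24", "203.0.113.8/30"]

def directed_broadcast_targets(subnets, include_all_zeros=True):
    """Return the sorted addresses that act as a broadcast on each subnet."""
    targets = set()
    for text in subnets:
        net = ipaddress.ip_network(text, strict=True)
        if net.prefixlen >= 31:
            continue  # /31 and /32 have no broadcast address
        targets.add(net.broadcast_address)       # all-ones host part
        if include_all_zeros:
            targets.add(net.network_address)     # old-style all-zeros broadcast
    return sorted(targets)

def border_acl(subnets, acl_number=110):
    """Build extended ACL lines for the outside interface, inbound direction."""
    lines = [f"access-list {acl_number} deny ip any host {addr}"
             for addr in directed_broadcast_targets(subnets)]
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

def is_directed_broadcast(dst, subnets):
    """True if dst is a broadcast address of one of the listed subnets."""
    return ipaddress.ip_address(dst) in directed_broadcast_targets(subnets)

if __name__ == "__main__":
    print("\n".join(border_acl(INTERNAL_SUBNETS)))
    # Constructed destinations: with subnetting, the broadcast address is
    # not always the one ending in .255.
    for dst in ["192.0.2.63", "192.0.2.62", "192.0.2.255", "203.0.113.11"]:
        verdict = "drop" if is_directed_broadcast(dst, INTERNAL_SUBNETS) else "pass"
        print(f"{dst:15} {verdict}")
```

Because the filter sits only at the border, directed broadcasts that originate inside (such as the network management discovery discussed above) are unaffected.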