North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: More smurf fun
Why should not you filter out all packets destinated to this very broadcast address somewhere on the border router? By their DST address, not as _direct broadcast_ packets? On Mon, 9 Mar 1998, Jeffrey Haas wrote: > Date: Mon, 9 Mar 1998 14:58:30 -0500 (EST) > From: Jeffrey Haas <[email protected]> > To: [email protected] > Subject: Re: More smurf fun > > Dave Rand was known to have said: > > Here's the latest group of smurf-able networks. > [...] > > Some of the phone calls were interesting. Many of the NOC staff did not > > know what a smurf attack was (so I explained it to them). Many did not want > > to set no ip directed-broadcast because they didn't know what it would do. > [...] > > 148.59.0.0 > > A quick note: > > If you find yourself having problems from this netblock, please contact > either [email protected] (me) or [email protected] > > We currently cannot disable directed broadcast due to a NASTY bug > in the packet forwarding code of the Proteon routers we use on our > backbone. We are working with Proteon to solve this issue. > > (I'm also trying to figure out if the issue is worth posting to Bugtraq.) > > In the meanwhile, we have implemented blackhole routing for the subnets > that seemed to be at issue. > > > Dave Rand > > -- > Jeffrey Haas "He that breaks a thing to find out what it is has > [email protected] left the paths of wisdom." (Or works for Fermilab...) > Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
|