North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SMURF amplifier block list
At 03:31 AM 4/14/98 -0600, Forrest W. Christian wrote: >On Tue, 14 Apr 1998, Hank Nussbacher wrote: > >> All outgoing pkts to 220.88.192.128/27 now should go to Null0. I am sure >> one can improve on the logic even more. > >Exactly. All OUTGOING packets. Not Incoming. Not the smurf attack >packets which are swamping your downstream customer, which have a source >address from 220.88.192.128/27. My textual mistake - this snippet is to send pkts to dev/null for all pkts *sourced* from 220.88.192.128/27. -Hank > >I will concede that shutting off connectivity to a site by a large enough >chunk of the net should get someone to fix stuff.... But part of the >advantage of the MAPS RBL BGP feed is that it helps to cut down spam >coming into your network. A BGP feed TODAY won't block a ping >amplification attack aimed at your network or a downstream. All it will >do is prevent your customers from using the ping amplification networks to >launch an attack. And, if you have the appropriate anti-spoofing filters >in place, they shouldn't be able to attack anything other than the valid >source addresses you have in your outbound filter set. > >- Forrest W. Christian ([email protected]) >---------------------------------------------------------------------- >iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com >Solutions for your high-tech problems. (406)-442-6648 >---------------------------------------------------------------------- > > >
|