North American Network Operators Group

Re: SMURF amplifier block list
What about people who didn't subnet their class B on the eight bit boundary,
but made larger subnets instead? What about the class B that doesn't appear
to be subnetted at all? What about supernetted class C networks? A trailing
.255 can be a valid host.

On Sat, 18 Apr 1998, Alex P. Rudnev wrote:

> Why don't use the filter
>
>  deny icmp any 0.0.0.255 255.255.255.0 echo-request
>
> on the incoming lines? It just blocks 99.999% of these smurf amplifiers;
> and I hardly think someone would ever sense this restriction for the real PING
> tests.
>
> ???
>
>
>
> On Fri, 17 Apr 1998, Dean Anderson wrote:
>
> > Date: Fri, 17 Apr 1998 18:09:08 -0400
> > From: Dean Anderson <[email protected]>
> > To: [email protected]
> > Cc: [email protected]
> > Subject: Re: SMURF amplifier block list
> >
> > > Does no ip directed broadcast really work?
> >
> > Yes. It works.
> >
> > And it works for whatever your particular netmask or broadcast address
> > happens to be, which is what's important.
> >
> > The only time you shouldn't do it globally is when some other network
> > really needs to see broadcasts. For example, if we manage a client's
> > network with HP OpenView over the internet, we need to be able to send them
> > directed broadcasts, so that OpenView host discovery will work. Patrol
> > works the same way, as do other products. In this case you can't use the
> > "no ip directed broadcast" switch, but you can still set up access rules
> > which do the same thing except for the permitted network.
> >
> > Bottom line is that you should protect your network from people who would
> > either abuse it via smurfing, or simply have no business looking for hosts
> > on your network. You have the tools to do it.
> >
> > --Dean
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > Plain Aviation, Inc [email protected]
> > LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com
> > We Make IT Fly! (617)242-3091 x246
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
>
> Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
> (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
>

--
Dan Boehlke, Senior Network Engineer     M R N e t
Internet: [email protected]             A MEANS Telcom Company
Phone: 612-362-5814                      2829 SE University Ave. Suite 200
WWW: http://www.mr.net/~dboehlke/        Minneapolis, MN 55414
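
The netmask question raised in this message can be checked mechanically. The Python sketch below is an added example, not code from anyone in the thread: it models the quoted rule as "last octet equals 255" and compares that with the real broadcast address and usable host range of a few constructed subnets (private-range prefixes chosen as assumptions for illustration). The /26 case goes beyond the cases named in the message.

```python
import ipaddress

def matches_dot255_filter(addr):
    """Model of the quoted rule: address 0.0.0.255 with wildcard mask
    255.255.255.0 matches any destination whose last octet is 255."""
    return int(ipaddress.IPv4Address(addr)) & 0xFF == 0xFF

def audit(network):
    """Compare the .255 rule with the real addressing of one subnet."""
    net = ipaddress.IPv4Network(network)
    bcast = net.broadcast_address
    # Usable host addresses that the rule would drop echo-requests to.
    hosts_blocked = [str(h) for h in net.hosts() if matches_dot255_filter(h)]
    return {
        "broadcast": str(bcast),
        "broadcast_blocked": matches_dot255_filter(bcast),
        "valid_hosts_blocked": hosts_blocked,
    }

# Constructed sample subnets (assumptions for illustration only).
SAMPLES = [
    ("172.16.4.0/24", "class B subnetted on the eight bit boundary"),
    ("172.16.8.0/22", "class B with larger subnets"),
    ("172.16.0.0/16", "class B not subnetted at all"),
    ("192.168.0.0/23", "supernetted class C"),
    ("192.168.5.64/26", "subnet smaller than a class C"),
]

if __name__ == "__main__":
    for prefix, label in SAMPLES:
        r = audit(prefix)
        print(f"{prefix:<17} {label}")
        print(f"  broadcast {r['broadcast']} caught by rule: "
              f"{r['broadcast_blocked']}")
        print(f"  valid hosts also blocked: {len(r['valid_hosts_blocked'])}")
```
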