North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SMURF amplifier block list
At 3:21 PM -0400 4/18/98, Alex P. Rudnev wrote: >> During an in progress attack, you probably have to take extreme measures, >Do you remember - it's not attack against you or attack by some of your >customer's networks used as amplifier, but the attack initiated from your >own network. You never note such thing withouth some permanent >measurement. > >It's why we saw this 100% helpless against the SMURF's. But to protect your own network, all you need is the access rule I gave. You know your own broadcast address and netmask, and can put in a rule to block. You just can't block the presumed broadcast address used by other peoples networks. Logging attempted attacks which are blocked can't really be done with a cisco. You need something to monitor the line coming in. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc [email protected] LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|