North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SMURF amplifier block list
>> During an in progress attack, you probably have to take extreme measures, >Do you remember - it's not attack against you or attack by some of your >customer's networks used as amplifier, but the attack initiated from your >own network. You never note such thing withouth some permanent >measurement. Oops. I misunderstood this first time round. I don't think you can easily detect smurf initiations, because you have to guess at the broadcast address. I think it is much easier to detect and block forged source addresses, which are also necessary for the hacker who is operating out of your network. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc [email protected] LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|