Re: Spoofed Packets

• From: Henry Linneweh
• Date: Mon Apr 20 12:31:26 1998

Sounds like that new nestea multi-protocol nuke

Gary R. Mensenares wrote:

> Aaaarrrggghhh! I have been under attack since 2:30AM HKT and it only
> stopped just now.
>
> I am quite familiar with smurfs. As a matter of fact, I have turned off
> directed broadcast on every Cisco router I have. Constantly I am reminding
> my clients to do the same thing. It is sad that some people out there
> arent doing their part.
>
> But what bothers me the most is this most recent attack. Smurfs are ICMPs
> right? Well based on the logs I got, I was receiving all sorts of packets
> from "non-routable" addresses. This floored my International Private Line
> to MCI. I dont think they are smurfs because they do not belong to the
> same network. The protocols vary too, udp, icmp and tcp. Even the ports
> change. In other words, nothing is common except that they all pass thru
> the same gateway to our network.
>
> Being an ISP outside the US, bandwidth is very scarce and thus expensive
> from where I come from. I am filtering these packets so they never reach
> my clients. But still, the evil payload is dropped on my doorstep and it
> still consumes my precious bandwidth. Shouldnt MCI, or any other provider
> be filtering this on their borders? And if they are, there shouldn't be
> any packets of this variety running around their links, right? So how do
> these little blasted packets end up running around the internet?
>
> I am going to be very grateful if some kind souls can help point me to
> documentation on how to track these down and possible effectively prevent
> it from eating my line.
>
> Thanks!
>
> ---
> Gary Mensenares
> IPhil Communications Network Incorporated



--
�
�4i1�

• References:
  • Spoofed Packets Gary R. Mensenares

• Prev by Date: Re: ARIN Services
• Next by Date: Re: IOS Releases
• Date Index
• Thread Index
• Author Index
• Historical