North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Spoofed Packets
Sounds like that new nestea multi-protocol nuke Gary R. Mensenares wrote: > Aaaarrrggghhh! I have been under attack since 2:30AM HKT and it only > stopped just now. > > I am quite familiar with smurfs. As a matter of fact, I have turned off > directed broadcast on every Cisco router I have. Constantly I am reminding > my clients to do the same thing. It is sad that some people out there > arent doing their part. > > But what bothers me the most is this most recent attack. Smurfs are ICMPs > right? Well based on the logs I got, I was receiving all sorts of packets > from "non-routable" addresses. This floored my International Private Line > to MCI. I dont think they are smurfs because they do not belong to the > same network. The protocols vary too, udp, icmp and tcp. Even the ports > change. In other words, nothing is common except that they all pass thru > the same gateway to our network. > > Being an ISP outside the US, bandwidth is very scarce and thus expensive > from where I come from. I am filtering these packets so they never reach > my clients. But still, the evil payload is dropped on my doorstep and it > still consumes my precious bandwidth. Shouldnt MCI, or any other provider > be filtering this on their borders? And if they are, there shouldn't be > any packets of this variety running around their links, right? So how do > these little blasted packets end up running around the internet? > > I am going to be very grateful if some kind souls can help point me to > documentation on how to track these down and possible effectively prevent > it from eating my line. > > Thanks! > > --- > Gary Mensenares > IPhil Communications Network Incorporated -- ��4i1�
|