|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Filtering ICMP (Was Re: SMURF amplifier block list)
On Thu, 23 Apr 1998, Jason Lixfeld wrote: > Then how do you propose to effectively block smurf coming IN? You are > totally asking for it if you need to rely on your upstreams to protect > you. You cannot block SMURF coming in. Once it has travelled down your DS3 to your router it has already done damage to your connectivity. Only your upstream can prevent the SMURF packets from coming down your DS3. The solution for the victim is to work with their upstream to rapidly block *AND* *TRACE* the perps. -- Michael Dillon - Internet & ISP Consulting http://www.memra.com - E-mail: [email protected]
|