North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Solution: Re: Huge smurf attack
Speaking as an ISP with lots of small business customers who don't know what a smurf attack is, much less why they should want to prevent them, I've found that the easiest solution to this in dealing with customers whose routers we don't manage is to stick in a filter on our router upstream from them, blocking any smurfable broadcast addresses. Most of our customers have just one or two subnets, so that's pretty easy, but it wouldn't scale all that well to customers with larger, more complex networks, especially if they're changing their network configuration somewhat frequently. In that case, though, there's usually somebody there who I can at least attempt to explain why open broadcast addresses are a problem to. -Steve On Mon, 11 Jan 1999, Jon Lewis wrote: > On Mon, 11 Jan 1999, Dan Hollis wrote: > > > due to unresponsive staff or bad ARIN contact info... but getting their > > upstream to pull their connection out of the wall gets their 100% > > attention REAL quick. Response time goes from weeks to minutes. > > This might not be allowed under existing service contracts. Most > providers probably have provisions to disconnect for network abuse...but > not for cluelessness. > > ----don't waste your cpu, crack rc5...www.distributed.net team enzo--- > Jon Lewis <[email protected]> | Spammers will be winnuked or > Network Administrator | nestea'd...whatever it takes > Florida Digital Turnpike | to get the job done. > ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key________ > > -- Steve Gibbard WWNet System Administration +1 734 513-7707 x 2009 http://www.wwnet.net
|