North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: source filtering

  • From: Dalvenjah FoxFire
  • Date: Tue Jan 12 16:27:47 1999

On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox:
> 
> Is UDP smurf much in evidence? (send a UDP packet to the broadcast address
> on the echo server port and you'll either get ICMP port unreachables
> back or UDP echos). The reason I ask is that edge ICMP rate
> limiting won't help UDP.

Supposedly UDP smurf (fraggle) is becoming more popular. I haven't
seen it myself.

The only type of UDP attack I've seen has been where a user breaks
into machine on high bandwidth, fails to get root, and runs a program
that sends large amounts of huge UDP packets to a destination host.
This makes tracing the problem loads easier, and your upstream can
block out the single host.

-dalvenjah

-- 
 Dalvenjah FoxFire (aka Sven Nielsen)  The name's Bean....Mr. Bean.
 Founder, the DALnet IRC Network       
                                      
 e-mail: [email protected]             WWW: http://www.dal.net/~dalvenjah/
 whois: SN90                           Try DALnet! http://www.dal.net/