North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: source filtering
On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox: > > Is UDP smurf much in evidence? (send a UDP packet to the broadcast address > on the echo server port and you'll either get ICMP port unreachables > back or UDP echos). The reason I ask is that edge ICMP rate > limiting won't help UDP. Supposedly UDP smurf (fraggle) is becoming more popular. I haven't seen it myself. The only type of UDP attack I've seen has been where a user breaks into machine on high bandwidth, fails to get root, and runs a program that sends large amounts of huge UDP packets to a destination host. This makes tracing the problem loads easier, and your upstream can block out the single host. -dalvenjah -- Dalvenjah FoxFire (aka Sven Nielsen) The name's Bean....Mr. Bean. Founder, the DALnet IRC Network e-mail: [email protected] WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/
|