North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Solution: Re: Huge smurf attack

  • From: danderson
  • Date: Wed Jan 13 13:06:41 1999

Well, I speak as a content provider instead of a service provider, your
rules are a little different.


Devin Anderson
Network Engineer
Lycos, Inc.

Brandon Ross <[email protected]> on 01/13/99 02:29:41 AM

To:   [email protected]
cc:    (bcc: Devin Anderson/Lycos)
Subject:  Re: Solution: Re: Huge smurf attack

On Tue, 12 Jan 1999 [email protected] wrote:
> Only I'm allowing the echo-reply so I can ping/traceroute out for my
> troubleshooting needs. However, I don't buy the 'it breaks testing
> because there are other ways to test that using icmp for incoming stuff.
Yes, but, do you have any idea how many tech support calls would be
generated by our customers complaining that they can't ping or be pinged?
Our service is advertised as unrestricted Internet access.  Our customers
rightfully expect to be able to ping out as well as be pinged.  If we
blocked all echo throughout our network, we would be completed flooded
with technical support calls.  Doing something like this, similar to the
serveral suggestions to filter all .0 and .255 addresses, is an attempt to
fix the symptom instead of the real problem.
> Plus, you STILL have directed broadcasts turned off in my scenario so the
> access list is almost futile.
Of course.
Brandon Ross            Network Engineering     404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc.  [email protected]
                                                            ICQ:  2269442
Stop Smurf attacks!  Configure your router interfaces to block directed
broadcasts. See for details.