|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: traffic filtering
On Mon, 21 Jan 2002, Stephen Griffin wrote: > > Is this type of filtering common? What alternate solutions are available > to mitigate (I'm assuming) concerns about smurf amplifiers, that still > allow traffic to/from legitimate addresses. What rationale is used to > filter all traffic to network/broadcast addresses of /24 networks while > ignoring network/broadcast of /25-/30? For that matter, what percentage > of smurf amplifiers land on /24 boundaries? As of last Monday / Tuesday, approximately 45% of all smurf amplifiers in the RIPE region had addresses ending in .0 or .255 [1]. I'm unsure about ARIN / APNIC IP space. I would certainly hope the kind of filtering you mention is uncommon :) If you filter on your ingress, packets who destination address ends in .0 or .255, and you are a smurf amplifier, you're only stalling the inevitable. The best course of action is to fix the smurf amplifier itself :) Check http://www.ircnetops.org/smurf/faq.php if you need to do this. Regards, [1] = Data provided by SAFE (http://www.ircnetops.org/smurf) -- Avleen Vig Network Security Officer Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf
|