North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: traffic filtering

  • From: Avleen Vig
  • Date: Mon Jan 21 20:57:45 2002

On Mon, 21 Jan 2002, Stephen Griffin wrote:
> Is this type of filtering common? What alternate solutions are available
> to mitigate (I'm assuming) concerns about smurf amplifiers, that still
> allow traffic to/from legitimate addresses. What rationale is used to
> filter all traffic to network/broadcast addresses of /24 networks while
> ignoring network/broadcast of /25-/30? For that matter, what percentage
> of smurf amplifiers land on /24 boundaries?

As of last Monday / Tuesday, approximately 45% of all smurf amplifiers in
the RIPE region had addresses ending in .0 or .255 [1].
I'm unsure about ARIN / APNIC IP space.

I would certainly hope the kind of filtering you mention is uncommon :)
If you filter on your ingress, packets who destination address ends in .0
or .255, and you are a smurf amplifier, you're only stalling the
The best course of action is to fix the smurf amplifier itself :)
Check if you need to do this.


[1] = Data provided by SAFE (

Avleen Vig
Network Security Officer
Smurf Amplifier Finding Executive: