Home page logo

nanog logo nanog mailing list archives

Re: [nsp] known networks for broadcast ping attacks
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Wed, 30 Jul 1997 15:23:27 -0400

On Wed, Jul 30, 1997 at 07:56:11PM +0100, Alex.Bligh wrote:
Urm, is the MAE-East LAN ?! Are you saying attacks are
being mounted from here or people are attacking this LAN (not
sure which is more worrying)

What he's saying is that someone is mounting broadcast ping flooding
attacks with forged source addresses which make them appear to be
coming from MAE-East, among other places.

He correctly notes that this _must_ be fixed at the boundary routers.

Network operators: _please_ make sure your boundary routers do not
allow you to send packets upstream which have source addresses on them
which are not on your networks.  Filters are your friend.  A source
address of 127.anything is pretty uncool, too, as are broadcast
addresses... although those can be harder to figure out nowadays.

-- jra
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "People propose, science studies, technology
Tampa Bay, Florida          conforms."  -- Dr. Don Norman      +1 813 790 7592

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]