mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Wed, 30 Jul 1997 15:23:27 -0400
On Wed, Jul 30, 1997 at 07:56:11PM +0100, Alex.Bligh wrote:
Urm, 18.104.22.168 is the MAE-East LAN ?! Are you saying attacks are
being mounted from here or people are attacking this LAN (not
sure which is more worrying)
What he's saying is that someone is mounting broadcast ping flooding
attacks with forged source addresses which make them appear to be
coming from MAE-East, among other places.
He correctly notes that this _must_ be fixed at the boundary routers.
Network operators: _please_ make sure your boundary routers do not
allow you to send packets upstream which have source addresses on them
which are not on your networks. Filters are your friend. A source
address of 127.anything is pretty uncool, too, as are broadcast
addresses... although those can be harder to figure out nowadays.
Jay R. Ashworth jra () baylink com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "People propose, science studies, technology
Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
Re: [nsp] known networks for broadcast ping attacks Jordyn A. Buchanan (Jul 30)
Re: [nsp] known networks for broadcast ping attacks Alex.Bligh (Jul 31)