Home page logo

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: Aaron Beck <abeck () falcon org>
Date: Tue, 14 Apr 1998 13:53:07 -0700 (PDT)

On Tue, 14 Apr 1998, Stephen Sprunk wrote:

Are we really concerned about being smurfed by a /30, or even a /27?

The essential problem is backbone class-C's, especially those in NAPs
where coordination is nearly impossible.  Smaller subnets tend to be in
small ISPs' or customers' networks, which don't pose a threat since they
lack the bandwidth for an effective attack.

Im kind of under the impression that we're (ok, just me, but anyone
else is welcome to jump on this bandwagon) trying to point out that
class based thinking.. or even "well, most of the net is this" thinking is
probably a bad idea.  Kludges n' hacks may work most of the time, but
kludges and hacks are just that.. kludgey and hackish.  Hard coded
defines, precompiled bins, etc have proven to be a less elegant method in
other areas of the computing world... why should we repeat the same kind
of mistake in the networking field?  A smurf attack is just that, a smurf
attack.  Wouldnt the overall goal include removing the attack possibility
in its entirety, not just a temporary solution that may solve some of the
problems, but definetly not all of them?

Assuming that most of the net is based on /24s, and that smaller subnets
are generally internal to those /24's may be a safe assumption, but once
again its probably not the best way to think about this problem (not that
I have any hints on what the best way should be, but im fairly certain
that applying a stereotypical ideology to this is "not a good thing").

just my two bits and a lot of run on sentences.

--  Aaron

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]