mailing list archives
Re: SMURF amplifier block list
From: Dean Anderson <dean () av8 com>
Date: Sat, 18 Apr 1998 15:31:48 -0400
At 3:21 PM -0400 4/18/98, Alex P. Rudnev wrote:
During an in progress attack, you probably have to take extreme measures,
Do you remember - it's not attack against you or attack by some of your
customer's networks used as amplifier, but the attack initiated from your
own network. You never note such thing withouth some permanent
It's why we saw this 100% helpless against the SMURF's.
But to protect your own network, all you need is the access rule I gave.
You know your own broadcast address and netmask, and can put in a rule to
You just can't block the presumed broadcast address used by other peoples
Logging attempted attacks which are blocked can't really be done with a
cisco. You need something to monitor the line coming in.
Plain Aviation, Inc dean () av8 com
We Make IT Fly! (617)242-3091 x246