Home page logo
/

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: Dean Anderson <dean () av8 com>
Date: Sat, 18 Apr 1998 15:48:57 -0400

During an in progress attack, you probably have to take extreme measures,
Do you remember - it's not attack against you or attack by some of your
customer's networks used as amplifier, but the attack initiated from your
own network. You never note such thing withouth some permanent
measurement.

Oops. I misunderstood this first time round.  I don't think you can easily
detect smurf initiations, because you have to guess at the broadcast
address.

I think it is much easier to detect and block forged source addresses,
which are also necessary for the hacker who is operating out of your
network.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
           We Make IT Fly!                (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault