Home page logo
/

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Sun, 19 Apr 1998 20:39:41 -0400

On Sat, Apr 18, 1998 at 12:39:29PM -0500, Dan Boehlke wrote:
On Sat, 18 Apr 1998, Alex P. Rudnev wrote:
Why don't use the filter
 deny icmp any 0.0.0.255 255.255.255.0 echo-request
on the incoming lines? It just block 99.999% of this smurf amplifiers; 
and I hardly think someone eve sence this restriction for the real PING 
tests.
What about people who didn't subnet their class B on the eight bit 
boundry, but made larger subnets instead?  What about the class B that 
doesn't appear to be subnetted at all?  What about supernetted class C 
networks?  A trailing .255 can be a valid host.

Yes, Dan, but any potential smurf-_amplifier_ who might need to do this
_knows_ this about _their own network_, and can adjust accordingly.

Cheers,
-- jra

-- 
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "Two words: Darth Doogie."  -- Jason Colby,
Tampa Bay, Florida             on alt.fan.heinlein             +1 813 790 7592

Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]