nanog mailing list archives

Re: SMURF amplifier block list
From: jlixfeld () idirect ca
Date: Sun, 19 Apr 1998 18:46:13 -0400 (EDT)

Uhmm, would the 255.255.255.255 wildcard not be 255.255.255.0?

On Sat, 18 Apr 1998, Dean Anderson wrote:

:Umm, I think this has already been hashed out. This is not the only netmask
:on the planet, and you don't know what other networks netmasks are under
:CIDR. Trying to guess the netmask just leads to breakage.
:
:All you want to do is stop packets coming in to your broadcast address.
:For example, for your network x.y.z/n  (n=24) with your broadcast address
:of x.y.z.255: (I presume everyone can translate between CIDR notation and
:dotted decimal ;-)
:
:deny ip any x.y.z.255 255.255.255.255
:
:no ip directed broadcast basically puts in the same rule, but it does it
:automatically by looking at the netmasks on the interfaces.
:
:               --Dean
:
:>Why not use the filter
:>
:> deny icmp any 0.0.0.255 255.255.255.0 echo-request
:>
:>on the incoming lines? It just blocks 99.999% of these smurf amplifiers;
:>and I hardly think someone would ever notice this restriction for real PING
:>tests.
:>
:>???
:>
:>
:>
:>On Fri, 17 Apr 1998, Dean Anderson wrote:
:>
:>> Date: Fri, 17 Apr 1998 18:09:08 -0400
:>> From: Dean Anderson <dean () av8 com>
:>> To: jlixfeld () idirect ca
:>> Cc: nanog () merit edu
:>> Subject: Re: SMURF amplifier block list
:>>
:>> > Does no ip directed broadcast really work?
:>>
:>> Yes. It works.
:>>
:>> And it works for whatever your particular netmask or broadcast address
:>> happens to be, which is what's important.
:>>
:>> The only time you shouldn't do it globally is when some other network
:>> really needs to see broadcasts.  For example, if we manage a client's
:>> network with HP OpenView over the internet, we need to be able to send them
:>> directed broadcasts, so that OpenView host discovery will work.  Patrol
:>> works the same way, as do other products.  In this case you can't use the
:>> "no ip directed broadcast" switch, but you can still set up access rules
:>> which do the same thing except for the permitted network.
:>>
:>> Bottom line is that you should protect your network from people who would
:>> either abuse it via smurfing, or simply have no business looking for hosts
:>> on your network. You have the tools to do it.
:>>
:>>             --Dean
:>>
:>>
:>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
:>>            Plain Aviation, Inc                  dean () av8 com
:>>            LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
:>>            We Make IT Fly!                (617)242-3091 x246
:>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
:>>
:>>
:>>
:>
:>Aleksei Roudnev, Network Operations Center, Relcom, Moscow
:>(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095)
:>239-10-10, N 13729 (pager)
:>(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
:

--
Regards,  

Jason A. Lixfeld             jlixfeld () idirect ca
iDirect Network Operations   jlixfeld () torontointernetxchange net

---------------------------------------------------------------------
TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West      | http://www.torontointernetxchange.net
Suite 301, Toronto Ontario   | (416) 236-5806        (T)
M9B-1B5 CANADA               | (416) 236-5804        (F)
---------------------------------------------------------------------
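As an added illustration (not from the thread), the following Python models Cisco-style wildcard matching so the three points above can be checked: Aleksei's last-octet-255 filter, Dean's warning that guessing the netmask misses broadcasts of other prefix lengths, and the wildcard semantics Jason asks about. The sample prefixes are constructed from RFC 5737 documentation ranges; the assumed semantics are that a 1 bit in the wildcard means "don't care".

```python
import ipaddress

# Cisco-style ACL wildcard mask: a 1 bit in the wildcard means "don't care",
# a 0 bit means "must match". This is the inverse sense of a subnet mask.
def wildcard_match(dst: str, addr: str, wildcard: str) -> bool:
    d = int(ipaddress.IPv4Address(dst))
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (d & care) == (a & care)

# The directed-broadcast address of a prefix, i.e. what a router derives from
# the interface netmask when "no ip directed-broadcast" is in effect.
def directed_broadcast(prefix: str) -> str:
    return str(ipaddress.IPv4Network(prefix, strict=False).broadcast_address)

# Prefixes whose directed-broadcast address the ACL entry
# "deny ... <addr> <wildcard>" would NOT match.
def uncovered_broadcasts(addr: str, wildcard: str, prefixes: list) -> list:
    return [p for p in prefixes
            if not wildcard_match(directed_broadcast(p), addr, wildcard)]

# Constructed sample prefixes (RFC 5737 documentation ranges), not from the thread.
SAMPLE_PREFIXES = ["192.0.2.0/24", "192.0.2.0/25", "192.0.2.128/25",
                   "192.0.2.4/30", "198.51.100.0/23"]

if __name__ == "__main__":
    # The /24-guessing filter from the thread: only the last octet must be 255.
    print("missed by 0.0.0.255 255.255.255.0:",
          uncovered_broadcasts("0.0.0.255", "255.255.255.0", SAMPLE_PREFIXES))
    # A wildcard of 255.255.255.255 has no "must match" bits: it matches every address.
    print("255.255.255.255 wildcard matches an unrelated host:",
          wildcard_match("198.51.100.7", "192.0.2.255", "255.255.255.255"))
    # The exact-host form: wildcard 0.0.0.0 matches only that broadcast address.
    print("0.0.0.0 wildcard matches only the host:",
          wildcard_match("192.0.2.255", "192.0.2.255", "0.0.0.0"),
          wildcard_match("192.0.2.254", "192.0.2.255", "0.0.0.0"))
```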