Home page logo
/

nanog logo nanog mailing list archives

Network Operators and smurf
From: Rusty Zickefoose <rusty () mci net>
Date: Fri, 24 Apr 1998 15:19:23 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----

Hi all,

<rant>
        If were reading this list on a professional basis, we should be a
little clued, or at least attempting to get there.  We're in the big
leagues now, read up on CIDR, figure out classless subnetting.  To
advocate breaking legitimate routing because we, as an industry, don't want
to put in the time and effort to educate our end users is just a little
lame. 
</rant>

        Had to get that off my chest.  

        Anyway, it's been said here several times before, but I'll say it
again.

        To end the smurf type exploits, we need to do 2 things.

1.  Routers/Gateways should be configured to prevent the transmission of
echo-request packets, out an interface, to a destination address identical
to the broadcast address of that interface, except in those cases where
specifically required. 

        This means getting vendors to give us a knob, and having it
default to off.

This is the easy one folks, figuring out net-masks aren't that hard.  The
transit providers might have problems with implementing this due to
hardware meltdown, but that's not where it needs to be implemented.

        !!Educate your (our) users!!


2.      Routers/Gateways should be configured to drop all packets with
invalid source addresses.

        This is a little bit more difficult, particularly if your
multi-homed, but again, it's not the transit providers that are need to
implement this, its the end user.

        once more

        !!Educate your (our) users!!

No. 2 has the benefit of fixing all manner of ills.

The problem is us.  This isn't a research network run and maintained by
the knowledgable.  This is a business.  We're selling a product, and if we
expect it to operate as advertised, it's up to us to educate those we sell
it to. 


This is Mr. Pot, saying so long to all you kettles out there.

- -- 
Rusty Zickefoose  |  The most exciting phrase to hear in science,
rusty () mci net     |  the one that heralds new discoveries, is not
                  |  "Eureka!", but "That's funny ..."
                  |  -- Isaac Asimov

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNUDlvu4+ch/bGDylAQGktAQAolKXogM3Gyr/Wp/AE1h6jZo6QQOTtOIU
ZkFUI+Dk7tKCoc6BPZ4VrsiPF1zslnQoIWwdceubl7kK+GwIyH4CTWtAyXGP+wr3
6EHKiYfZ19P/Wvhi0Cjxo2buxYgpLCEHeKR4GUKwnJI66HlInemlUp4zDpMQFy8R
mNIdSK/Pw1k=
=/Dxy
-----END PGP SIGNATURE-----



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault