On Tue, 9 Dec 1997, Adrian Chadd wrote:
On Fri, 5 Dec 1997, Wayne Bouchard wrote:
[snip]
threaten the most disruption of internet services. With ISDN and DSL, users have the bandwidth necessary to generate even more dangerous levels of traffic. If you don't think this issue affects you, it does. If you're not a target, you're probably being used as a source.
I agree totally. A couple of problems:
* Filtering ALL ICMP is pretty silly; ICMP is there for more than just pings, and some of it is important.
Sure.. but it won't take a genius on the attacker's side to figure out what types aren't being blocked, and use those..
* If people start doing this, someone with a smidgen of time on their hands will write a ping flooder that uses random TCP or UDP packets with spoofed from addresses.
Well.. the main problem with smurf is that as far as I know, it uses the reply from a broadcast. That will rule out TCP unless they send a direct flow from the attacker's box to the destination/victim's box. For UDP, you would have to send it to a broadcast, and also hope there is a UDP service listening (ie.. a test program I wrote sent 1 UDP broadcast to 198.32.136.255:7 and received a whole bunch of replies.. turning off small services on routers would be helpful.. :)). You could also do that to any network, the point being.. it's easier to disable simple UDP services than to set up filters on border routers..

-mike
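
An added example, not part of the original thread: a Python check that flags flow records aimed at a subnet's broadcast address with an ICMP echo request or a replying UDP small service, the two reply-soliciting cases discussed above. The /24 around 198.32.136.255, the other prefixes, the flow tuples and all function names are assumptions constructed for illustration.

```python
import ipaddress

# UDP "small services" that answer any datagram they receive.
REPLYING_UDP_PORTS = {7: "echo", 13: "daytime", 19: "chargen"}
ICMP_ECHO_REQUEST = 8

def broadcast_targets(prefixes):
    """Map each subnet broadcast address to the prefix it belongs to."""
    targets = {}
    for p in prefixes:
        net = ipaddress.ip_network(p)
        if net.prefixlen >= 31:  # /31 and /32 have no broadcast address
            continue
        targets[net.broadcast_address] = net
        # All-zeros host part: treated as broadcast by some older stacks.
        targets[net.network_address] = net
    return targets

def flag_amplifier_probes(flows, prefixes):
    """Return (flow, reason) for packets that solicit replies from a whole subnet."""
    targets = broadcast_targets(prefixes)
    hits = []
    for flow in flows:
        src, dst, proto, field = flow  # field: ICMP type or UDP/TCP dest port
        net = targets.get(ipaddress.ip_address(dst))
        if net is None:
            continue
        if proto == "icmp" and field == ICMP_ECHO_REQUEST:
            hits.append((flow, f"ICMP echo request to broadcast of {net}"))
        elif proto == "udp" and field in REPLYING_UDP_PORTS:
            hits.append((flow, f"UDP {REPLYING_UDP_PORTS[field]} to broadcast of {net}"))
    return hits

# Constructed sample data (not real traffic).
PREFIXES = ["198.32.136.0/24", "192.0.2.0/25", "203.0.113.4/31"]
FLOWS = [
    ("198.51.100.7", "198.32.136.255", "udp", 7),   # UDP echo to a broadcast
    ("198.51.100.7", "192.0.2.127", "icmp", 8),     # ping to a /25 broadcast
    ("198.51.100.9", "192.0.2.255", "icmp", 8),     # outside the /25, no match
    ("198.51.100.9", "198.32.136.255", "tcp", 80),  # TCP draws no broadcast reply
    ("198.51.100.9", "198.32.136.10", "udp", 7),    # unicast echo, not amplified
    ("198.51.100.9", "203.0.113.5", "icmp", 8),     # /31 has no broadcast
]

if __name__ == "__main__":
    for flow, reason in flag_amplifier_probes(FLOWS, PREFIXES):
        print(flow, "->", reason)
```

Only the first two sample flows are flagged; the same prefix list can drive either a border filter or a check that small services are off on the routers that own those subnets.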