Subject: Re: Smurfing
Perhaps RFC1812 *should* be updated to reflect that this is destructive behavior. Good news.
One more question (just if there is someone from Cisco) - what about source-address filtering by default for the access servers/routers? Note that all these problems (SMURF, DENIAL-ATTACK, DNS-FRAUDING, etc.) can be 100% blocked if the ISP would not allow its customers to send IP packets with the wrong SRC address. If not, they (hackers) will find new, new and new tricks to defraud any IP network.
Having said that, this is work which should be suggested to the IETF -- the NANOG participants, being operations focused, are in a very good position to make noise on this front.
- paul
Excerpted from section 5.3.5:
A router MAY have an option to disable receiving network-prefix-directed broadcasts on an interface and MUST have an option to disable forwarding network-prefix-directed broadcasts. These options MUST default to permit receiving and forwarding network-prefix-directed broadcasts.
Or perhaps because the folks on this list haven't made it clear enough to their vendors that the default should be "off" <hint>.
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
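
Added example, not part of the original thread: a Python sketch of the two router-side checks discussed above, source-address filtering on a customer-facing port and the option to disable forwarding of network-prefix-directed broadcasts. The prefixes, function names and verdict strings are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes, not from the thread).
# Prefixes assigned to the customer behind this access port:
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Subnets this router delivers to:
ATTACHED_SUBNETS = [ipaddress.ip_network("198.51.100.0/24"),
                    ipaddress.ip_network("203.0.113.64/26")]


def source_is_valid(src, customer_prefixes=CUSTOMER_PREFIXES):
    """True if the source address lies inside a prefix assigned to the customer."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in customer_prefixes)


def is_directed_broadcast(dst, subnets=ATTACHED_SUBNETS):
    """True if dst is the all-ones broadcast address of an attached subnet."""
    addr = ipaddress.ip_address(dst)
    # /31 and /32 prefixes have no broadcast address, so skip them.
    return any(net.prefixlen < 31 and addr == net.broadcast_address
               for net in subnets)


def filter_packet(src, dst, forward_directed_broadcast=False):
    """Verdict for a packet arriving from the customer port (hypothetical policy).

    forward_directed_broadcast=False models the default the thread argues for;
    True models the permit-by-default behaviour quoted from RFC 1812 5.3.5.
    """
    if not source_is_valid(src):
        return "drop-spoofed-source"
    if is_directed_broadcast(dst) and not forward_directed_broadcast:
        return "drop-directed-broadcast"
    return "forward"


if __name__ == "__main__":
    for src, dst in [("192.0.2.10", "198.51.100.20"),
                     ("10.1.1.1", "198.51.100.255"),
                     ("192.0.2.10", "203.0.113.127")]:
        print(src, "->", dst, ":", filter_packet(src, dst))
```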