On Fri, 13 Oct 2000, Mark Milhollan - Franklin Employee wrote:
John Fraizer writes:
If someone doesn't want people sending ICMP echo-request to their network, they need to block it at the borders. If they do that, even if they have amp nets inside, they won't be available for abuse from the outside.
Only from ICMP echo-request based DDoS', others will still be available. They'd have to block all traffic to their broadcast addresses, which is pretty much what ``no directed broadcast'' does anyway.
Um, did I say anything about other types of DDoS? The thread, which is nearly three weeks old BTW, was about netscan.org and scanning for SMURF amp nets.
In any case, I find scanning for SMURF amps and scanning for vulnerabilities to be quite different.
Can't say I agree, since in fact they are both "vulnerabilities".
I would have hoped that you would have read the entire thread prior to composing your reply. Had you done so, perhaps your opinion might be different. In any case, the thread has been quiet for weeks now.
This is already too damn close to the usual thread about the other active scan for my comfort.
/mark
So why stir it more? --- John Fraizer EnterZone, Inc