On Thu, 11 May 2000, Vipul Shah wrote:
The solution suggested by RFC2644 is for routers only, while the proposed solution is intended for end-nodes.
If DDoS Smurf attack is generated using local broadcast, RFC2644 solution won't prevent the attack. Read carefully the last paragraph of Section 1 of the draft.
Another point that hasn't been mentioned in this thread is that this type of attack is very easy to track down, since all the echo-reply packets will have addresses in the same subnet. A good portion of the problem with smurf attacks is not so much the attack itself as the painful process of tracking it to it's source. Brandon Ross 404-522-5400 VP Engineering, NetRail http://www.netrail.net AIM: BrandonNR ICQ: 2269442 Read RFC 2644! Stop Smurf attacks! Configure your router interfaces to block directed broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.