On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox:
Is UDP smurf much in evidence? (send a UDP packet to the broadcast address on the echo server port and you'll either get ICMP port unreachables back or UDP echos). The reason I ask is that edge ICMP rate limiting won't help UDP.
Supposedly UDP smurf (fraggle) is becoming more popular. I haven't seen it myself. The only type of UDP attack I've seen has been where a user breaks into machine on high bandwidth, fails to get root, and runs a program that sends large amounts of huge UDP packets to a destination host. This makes tracing the problem loads easier, and your upstream can block out the single host. -dalvenjah -- Dalvenjah FoxFire (aka Sven Nielsen) The name's Bean....Mr. Bean. Founder, the DALnet IRC Network e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/