On Wed, 2 Dec 1998, Phil Howard wrote:
AFAIK, today, smurfers are only using *.*.*.255. They would have to track a lot more information to use others, so for now I can generally expect that deny to prevent us from being an amplifier.
I'm afraid that in my experience, that's not true at all. I've seen smurf attacks bounced off of networks as small as /30's and all the way up to one network that was a /22, as well as everything inbetween, and I'm not just talking about the last /30 in a /24 either. Brandon Ross Network Engineering 404-815-0770 800-719-4664 Director, Network Engineering, MindSpring Ent., Inc. info@mindspring.com ICQ: 2269442 Stop Smurf attacks! Configure your router interfaces to block directed broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.