Mike Hedlund wrote:
[snip]
Well.. the main problem with smurf is that, as far as I know, it uses the reply from a broadcast. That will rule out TCP unless they send a direct flow from the attacker's box to the destination/victim's box. For UDP, you would have to send it to a broadcast, and also hope there is a UDP service listening (i.e. a test program I wrote sent 1 UDP broadcast to 198.32.136.255:7 and received a whole bunch of replies.. turning off small services on routers would be helpful.. :)). You could also do that to any network, the point being.. it's easier to disable simple UDP services than to set up filters on border routers..
-mike
I guess that depends upon how many border routers you have :) It would also help to filter outgoing traffic from your network to ensure you do not become the unwitting source of a smurf attack..
-- Leigh Porter
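
The filtering decisions discussed in this thread, sketched as an added example that is not part of either message: an egress check that only lets out packets sourced from your own prefixes, and an ingress check that drops directed broadcasts and traffic to the small UDP services. The prefixes, function names and sample packets are assumptions constructed for illustration (documentation address ranges).

```python
import ipaddress

# Assumed local subnets (documentation ranges, not taken from the thread).
LOCAL_SUBNETS = [ipaddress.ip_network(n)
                 for n in ("192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24")]
# UDP small services commonly enabled on older routers.
SMALL_UDP_PORTS = {7: "echo", 9: "discard", 19: "chargen"}


def is_local(addr):
    """True if addr falls inside one of our own subnets."""
    return any(addr in net for net in LOCAL_SUBNETS)


def egress_verdict(src):
    """Outgoing packet: the source address must be one of ours."""
    if is_local(ipaddress.ip_address(src)):
        return "permit"
    return "drop: source not ours (spoofed)"


def ingress_verdict(dst, proto, dport=None):
    """Incoming packet: refuse directed broadcasts and UDP small services."""
    dst = ipaddress.ip_address(dst)
    for net in LOCAL_SUBNETS:
        # The broadcast address depends on the subnet mask, so it is not
        # always x.x.x.255 (192.0.2.127 is the broadcast of 192.0.2.0/25).
        if dst in (net.network_address, net.broadcast_address):
            return "drop: directed broadcast"
    if proto == "udp" and dport in SMALL_UDP_PORTS and is_local(dst):
        return "drop: udp small service (%s)" % SMALL_UDP_PORTS[dport]
    return "permit"


# Constructed sample packets: (direction, src, dst, proto, dport)
SAMPLE = [
    ("out", "192.0.2.10", "203.0.113.9", "icmp", None),
    ("out", "203.0.113.5", "198.18.0.255", "icmp", None),
    ("in", "203.0.113.9", "192.0.2.127", "icmp", None),
    ("in", "203.0.113.9", "198.51.100.20", "udp", 7),
    ("in", "203.0.113.9", "198.51.100.20", "udp", 53),
]

if __name__ == "__main__":
    for direction, src, dst, proto, dport in SAMPLE:
        verdict = (egress_verdict(src) if direction == "out"
                   else ingress_verdict(dst, proto, dport))
        print(direction, src, "->", dst, proto, dport, "=>", verdict)
```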