On Tue, 14 Apr 1998, Stephen Sprunk wrote:
Are we really concerned about being smurfed by a /30, or even a /27?
The essential problem is backbone class-C's, especially those in NAPs where coordination is nearly impossible. Smaller subnets tend to be in small ISPs' or customers' networks, which don't pose a threat since they lack the bandwidth for an effective attack.
Im kind of under the impression that we're (ok, just me, but anyone else is welcome to jump on this bandwagon) trying to point out that class based thinking.. or even "well, most of the net is this" thinking is probably a bad idea. Kludges n' hacks may work most of the time, but kludges and hacks are just that.. kludgey and hackish. Hard coded defines, precompiled bins, etc have proven to be a less elegant method in other areas of the computing world... why should we repeat the same kind of mistake in the networking field? A smurf attack is just that, a smurf attack. Wouldnt the overall goal include removing the attack possibility in its entirety, not just a temporary solution that may solve some of the problems, but definetly not all of them? Assuming that most of the net is based on /24s, and that smaller subnets are generally internal to those /24's may be a safe assumption, but once again its probably not the best way to think about this problem (not that I have any hints on what the best way should be, but im fairly certain that applying a stereotypical ideology to this is "not a good thing"). just my two bits and a lot of run on sentences. -- Aaron