Havard, --On Friday, February 13, 1998, 11:45 PM +0100 Havard.Eidnes@runit.sintef.no wrote:
getting Smurfing "under control" takes two things:
o All router administrators on the immediately reachable Internet needs to turn off directed broadcasts on their router interfaces.
o Making sure source IP address spoofing isn't as easily done as it is now. Also an easy one, right? ;-)
I agree, and this is what we have done. The earlier post (from someone else) was asking about how to filter *outbound* directed broadcasts, and I didn't understand how this could be done. A number of my NANOG colleagues have adamantly agreed that it can't!
o While we struggle with the above two, at least some service providers need to become more responsive in tracking these sort of events back to their real source. No names mentioned, none forgotten.
Agreed. Would it make sense to come up with a cooperative mechanism for this similar to CERT only faster?
o Lastly, I think that better tools are needed to track this sort of attacks back to their source (?).
That would be very difficult, effectively requiring the ability to query routers and ask if they are seeing packets bound for a specific address. I'd love to see some tools that would help us do that, however! -- Steve Hultquist, Chief Technology Officer HSAnet providing high-speed Internet access Boulder, Colorado mailto:ssh@HSAnet.net +1.303.581.0800 http://www.HSAnet.net/