Dave Rand was known to have said:
Here's the latest group of smurf-able networks. [...] Some of the phone calls were interesting. Many of the NOC staff did not know what a smurf attack was (so I explained it to them). Many did not want to set no ip directed-broadcast because they didn't know what it would do. [...] 148.59.0.0
A quick note: If you find yourself having problems from this netblock, please contact either jmh@msen.com (me) or noc@msen.com. We currently cannot disable directed broadcast due to a NASTY bug in the packet forwarding code of the Proteon routers we use on our backbone. We are working with Proteon to solve this issue. (I'm also trying to figure out if the issue is worth posting to Bugtraq.) In the meanwhile, we have implemented blackhole routing for the subnets that seemed to be at issue.
Dave Rand
-- Jeffrey Haas "He that breaks a thing to find out what it is has elezar@pfrc.org left the paths of wisdom." (Or works for Fermilab...)
Why should not you filter out all packets destinated to this very broadcast address somewhere on the border router? By their DST address, not as _direct broadcast_ packets? On Mon, 9 Mar 1998, Jeffrey Haas wrote:
Date: Mon, 9 Mar 1998 14:58:30 -0500 (EST) From: Jeffrey Haas <elezar@pfrc.org> To: nanog@merit.edu Subject: Re: More smurf fun
Dave Rand was known to have said:
Here's the latest group of smurf-able networks. [...] Some of the phone calls were interesting. Many of the NOC staff did not know what a smurf attack was (so I explained it to them). Many did not want to set no ip directed-broadcast because they didn't know what it would do. [...] 148.59.0.0
A quick note:
If you find yourself having problems from this netblock, please contact either jmh@msen.com (me) or noc@msen.com.
We currently cannot disable directed broadcast due to a NASTY bug in the packet forwarding code of the Proteon routers we use on our backbone. We are working with Proteon to solve this issue.
(I'm also trying to figure out if the issue is worth posting to Bugtraq.)
In the meanwhile, we have implemented blackhole routing for the subnets that seemed to be at issue.
Dave Rand
-- Jeffrey Haas "He that breaks a thing to find out what it is has elezar@pfrc.org left the paths of wisdom." (Or works for Fermilab...)
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
participants (2)
-
Alex P. Rudnev
-
Jeffrey Haas