Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)

  • From: Bradley Reynolds
  • Date: Sun Dec 28 19:56:47 1997

> Huh?
> ICMP floods vs TCP floods. Aren't they both IP or have I missed something
> glaringly obvious.
>  
Yes, both are independent of the network layer protocol which
operates beneath them (which in this case is IP)

The difference is that you can filter icmp seperately from tcp
to give you some sort of granularity with your acl policy.  This
is important in that if you deny icmp traffic to a specific segment
of your network (or in from your serial interface for the
whole thing) you are still vulnerable to the publicized attacks
which exploit vulnerabilities inherent in TCP.  

The whole point for this discussion was that you should be
a responsible network administrator and understand the trouble
you could cause the people you are connected to.  Once you understand
that, you can take use the facilities that your vendor provides
to limit the damage so to speak.  

BR

brad reynolds
ber@cwru.edu





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.