Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMURF amplifier block list

  • From: Forrest W. Christian
  • Date: Tue Apr 14 06:14:10 1998

On Tue, 14 Apr 1998, Hank Nussbacher wrote:

> All outgoing pkts to 220.88.192.128/27 now should go to Null0.  I am sure
> one can improve on the logic even more.

Exactly.  All OUTGOING packets.   Not Incoming. Not the smurf attack
packets which are swamping your downstream customer, which have a source
address from 220.88.192.128/27.

I will concede that shutting off connectivity to a site by a large enough
chunk of the net should get someone to fix stuff....  But part of the
advantage of the MAPS RBL BGP feed is that it helps to cut down spam
coming into your network.  A BGP feed TODAY won't block a ping
amplification attack aimed at your network or a downstream.  All it will
do is prevent your customers from using the ping amplification networks to
launch an attack.   And, if you have the appropriate anti-spoofing filters
in place, they shouldn't be able to attack anything other than the valid
source addresses you have in your outbound filter set.

- Forrest W. Christian (forrestc@imach.com) 
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
Solutions for your high-tech problems.                  (406)-442-6648
----------------------------------------------------------------------






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.