Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMURF amplifier block list

  • From: jlixfeld
  • Date: Fri Apr 17 15:57:22 1998

Why not just block them at your interface with an access-list (firewall)
filter?

On Tue, 14 Apr 1998, Forrest W. Christian wrote:

:On Tue, 14 Apr 1998, Hank Nussbacher wrote:
:
:> All outgoing pkts to 220.88.192.128/27 now should go to Null0.  I am sure
:> one can improve on the logic even more.
:
:Exactly.  All OUTGOING packets.   Not Incoming. Not the smurf attack
:packets which are swamping your downstream customer, which have a source
:address from 220.88.192.128/27.
:
:I will concede that shutting off connectivity to a site by a large enough
:chunk of the net should get someone to fix stuff....  But part of the
:advantage of the MAPS RBL BGP feed is that it helps to cut down spam
:coming into your network.  A BGP feed TODAY won't block a ping
:amplification attack aimed at your network or a downstream.  All it will
:do is prevent your customers from using the ping amplification networks to
:launch an attack.   And, if you have the appropriate anti-spoofing filters
:in place, they shouldn't be able to attack anything other than the valid
:source addresses you have in your outbound filter set.
:
:- Forrest W. Christian (forrestc@imach.com) 
:----------------------------------------------------------------------
:iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
:Solutions for your high-tech problems.                  (406)-442-6648
:----------------------------------------------------------------------
:
:

--
Regards,  

Jason A. Lixfeld             jlixfeld@idirect.ca
iDirect Network Operations   jlixfeld@torontointernetxchange.net

---------------------------------------------------------------------
TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West      | http://www.torontointernetxchange.net
Suite 301, Toronto Ontario   | (416) 236-5806	     (T)
M9B-1B5 CANADA               | (416) 236-5804        (F)
---------------------------------------------------------------------





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.