Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Filtering ICMP (Was Re: SMURF amplifier block list)

  • From: Michael Dillon
  • Date: Tue Apr 21 02:18:24 1998

On Tue, 21 Apr 1998, Mark Whitis wrote:

> Really, you should filter the known broadcast addresses of
> your downstream networks with the cooperation of those networks.

Exactly! You can run your own tests for likely broadcast addresses, and if
you find an open broadcast address you should contact the downstream
network and ask if they can block directed broadcasts, and if they can't,
then you should get their permission to filter traffic to the open
broadcast address, and regardless of their permission you should contact
the vendor of their equipment to inquire why the equipment is broken and
unsuitable for use on the Internet. And it would be nice to forward any
vendor info to Craig Huegen chuegen@quadrunner.com so he can update his
SMURF document and submit it for publication as an informational RFC with
all the vendor info in place.

> What I was objecting to was the idea that some ISP would get
> the idea that it was a good idea to filter all .255 destined traffic
> passing through their network

Yuk!

> Actually, even if they don't know the subnet structure before hand, they
> will discover this, as far as is relevant to smurfing, when they perform
> a smurf scan on their own CIDR blocks.  Any address that results in
> multiple smurf type echo replies from different addresses would be
> considered a broadcast address; any that didn't, wouldn't.

Exactly! And by cleaning up your downstream vulnerabilities you reduce the
chances that your entire address space will be blocked by other network
operators.

--
Michael Dillon                   -               Internet & ISP Consulting
http://www.memra.com             -               E-mail: michael@memra.com
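
Added example, not part of the original message: a Python sketch of the two points in the thread, classifying audit results from your own address space by the "multiple replies from different addresses" test and showing what a blanket ".255" filter gets wrong once subnets are not /24s. The prefixes and reply records are constructed sample data using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation ranges), not from the thread.
DOWNSTREAM_PREFIXES = ["192.0.2.0/26", "192.0.2.64/26", "198.51.100.0/23"]
# Constructed audit records: (probed destination, source of an echo reply seen).
AUDIT_REPLIES = [
    ("192.0.2.63", "192.0.2.10"),
    ("192.0.2.63", "192.0.2.11"),
    ("192.0.2.63", "192.0.2.12"),
    ("198.51.100.255", "198.51.100.255"),  # ordinary host answering for itself
]

def directed_broadcasts(prefixes):
    """Directed-broadcast address of each known downstream subnet."""
    return {str(ipaddress.ip_network(p).broadcast_address) for p in prefixes}

def open_broadcasts(replies, min_responders=2):
    """Destinations answered by several distinct sources, per the quoted test."""
    responders = defaultdict(set)
    for dst, src in replies:
        responders[dst].add(src)
    return {d for d, srcs in responders.items() if len(srcs) >= min_responders}

def ends_in_255(addr):
    return ipaddress.ip_address(addr).packed[-1] == 255

def blanket_255_errors(prefixes):
    """Return (broadcasts a '.255 only' rule misses, real hosts it would block)."""
    missed = {b for b in directed_broadcasts(prefixes) if not ends_in_255(b)}
    blocked_hosts = {
        str(h)
        for p in prefixes
        for h in ipaddress.ip_network(p).hosts()
        if ends_in_255(h)
    }
    return missed, blocked_hosts

if __name__ == "__main__":
    known = directed_broadcasts(DOWNSTREAM_PREFIXES)
    for addr in sorted(open_broadcasts(AUDIT_REPLIES)):
        where = "known subnet broadcast" if addr in known else "unknown subnetting"
        print(f"open broadcast address {addr} ({where}): contact downstream")
    missed, blocked = blanket_255_errors(DOWNSTREAM_PREFIXES)
    print("a blanket .255 filter misses:", sorted(missed))
    print("a blanket .255 filter blocks real hosts:", sorted(blocked))
```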





