Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Filtering ICMP (Was Re: SMURF amplifier block list)

  • From: Brandon Ross
  • Date: Sun Apr 26 21:16:28 1998

On Fri, 24 Apr 1998, Richard Irving wrote:

> Ok. You know how I always ask the obvious... So, here I go again..
> 
> This is only slightly off topic.. If you have no amplifiers
> greater than 2x-4x, is there really a need to turn off ip directed
> broadcasts? 

My feelings there are "why not?".  If you are running on a platform (such
as Cisco) that makes it easy to turn off directed broadcast you can only
help by turning it off.  In the attacks that have come our way, the
attackers have used almost every size of amplifier.  I also suspect that
as network managers become more clueful (a slow painful process) that the
attackers will eventually have to resort to less efficient means of
attack.

>   And if this is true, doesn't designing your network with minimized
> amplifier space sort of negate all this ?

In some applications that wouldn't be a hard thing to do, but for most
it's nearly impossible.

Brandon Ross            Network Engineering     404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc.  info@mindspring.com
Mosher's Law of Software Engineering:  Don't worry if it doesn't work
right.  If everything did, you'd be out of a job.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.