North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Filtering ICMP (Was Re: SMURF amplifier block list)
- From: Brandon Ross
- Date: Sun Apr 26 21:16:28 1998
On Fri, 24 Apr 1998, Richard Irving wrote:
> Ok. You know how I always ask the obvious... So, here I go again..
>
> This is only slightly off topic.. If you have no amplifiers
> greater than 2x-4x, is there really a need to turn off ip directed
> broadcasts?
My feelings there are "why not?". If you are running on a platform (such
as Cisco) that makes it easy to turn off directed broadcast you can only
help by turning it off. In the attacks that have come our way, the
attackers have used almost every size of amplifier. I also suspect that
as network managers become more clueful (a slow painful process) that the
attackers will eventually have to resort to less efficient means of
attack.
> And if this is true, doesn't designing your network with minimized
> amplifier space sort of negate all this ?
In some applications that wouldn't be a hard thing to do, but for most
it's nearly impossible.
Brandon Ross Network Engineering 404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc. info@mindspring.com
Mosher's Law of Software Engineering: Don't worry if it doesn't work
right. If everything did, you'd be out of a job.
|
