Re: smurf attacks

From: James (james@towardex.com)
Date: Tue Oct 12 2004 - 00:12:32 GMT-3

• Next message: James: "Re: regex question for bgp"
• Previous message: Peter Ding: "RE: regex question for bgp"
• Maybe in reply to: John Matus: "smurf attacks"
• Next in thread: Mike Calhoon: "RE: smurf attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, Oct 11, 2004 at 08:02:05PM -0700, John Matus wrote:
> how does one stop a smurf attack?

no ip directed-broadcast

Note that it won't really stop the attack per se, but will prevent your
network from being used as amplifier for the attack. smurf is rarely a
concern in real world today though since most router vendors disable directed
broadcast by default.

What's real threat today are big big bot nets and spoofed addr floodings that
can easily kill a GigE of internet transit.

HTH,
-J

-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james@towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net

• Next message: James: "Re: regex question for bgp"
• Previous message: Peter Ding: "RE: regex question for bgp"
• Maybe in reply to: John Matus: "smurf attacks"
• Next in thread: Mike Calhoon: "RE: smurf attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:46 GMT-3