nanog mailing list archives
Re: Network Operators and smurf
From: Jason Lixfeld <jlixfeld () idirect ca>
Date: Sat, 25 Apr 1998 11:44:06 -0400 (EDT)
99% of the people know that but how do you propose to relay that message to every NOC on the Internet. THAT is the problem. On Fri, 24 Apr 1998, Rusty Zickefoose wrote: :-----BEGIN PGP SIGNED MESSAGE----- : :Hi all, : :<rant> : If were reading this list on a professional basis, we should be a :little clued, or at least attempting to get there. We're in the big :leagues now, read up on CIDR, figure out classless subnetting. To :advocate breaking legitimate routing because we, as an industry, don't want :to put in the time and effort to educate our end users is just a little :lame. :</rant> : : Had to get that off my chest. : : Anyway, it's been said here several times before, but I'll say it :again. : : To end the smurf type exploits, we need to do 2 things. : :1. Routers/Gateways should be configured to prevent the transmission of :echo-request packets, out an interface, to a destination address identical :to the broadcast address of that interface, except in those cases where :specifically required. : : This means getting vendors to give us a knob, and having it :default to off. : :This is the easy one folks, figuring out net-masks aren't that hard. The :transit providers might have problems with implementing this due to :hardware meltdown, but that's not where it needs to be implemented. : : !!Educate your (our) users!! : : :2. Routers/Gateways should be configured to drop all packets with :invalid source addresses. : : This is a little bit more difficult, particularly if your :multi-homed, but again, it's not the transit providers that are need to :implement this, its the end user. : : once more : : !!Educate your (our) users!! : :No. 2 has the benefit of fixing all manner of ills. : :The problem is us. This isn't a research network run and maintained by :the knowledgable. This is a business. We're selling a product, and if we :expect it to operate as advertised, it's up to us to educate those we sell :it to. : : :This is Mr. Pot, saying so long to all you kettles out there. : :- -- :Rusty Zickefoose | The most exciting phrase to hear in science, :rusty () mci net | the one that heralds new discoveries, is not : | "Eureka!", but "That's funny ..." : | -- Isaac Asimov : :-----BEGIN PGP SIGNATURE----- :Version: 2.6.2 : :iQCVAwUBNUDlvu4+ch/bGDylAQGktAQAolKXogM3Gyr/Wp/AE1h6jZo6QQOTtOIU :ZkFUI+Dk7tKCoc6BPZ4VrsiPF1zslnQoIWwdceubl7kK+GwIyH4CTWtAyXGP+wr3 :6EHKiYfZ19P/Wvhi0Cjxo2buxYgpLCEHeKR4GUKwnJI66HlInemlUp4zDpMQFy8R :mNIdSK/Pw1k= :=/Dxy :-----END PGP SIGNATURE----- : -- Regards, Jason A. Lixfeld jlixfeld () idirect ca iDirect Network Operations jlixfeld () torontointernetxchange net --------------------------------------------------------------------- TUCOWS Interactive Ltd. o/a | "A Different Kind of Internet Company" Internet Direct Canada Inc. | "FREE BANDWIDTH for Toronto Area IAPs" 5415 Dundas Street West | http://www.torontointernetxchange.net Suite 301, Toronto Ontario | (416) 236-5806 (T) M9B-1B5 CANADA | (416) 236-5804 (F) ---------------------------------------------------------------------
Current thread:
- Re: Network Operators and smurf, (continued)
- Re: Network Operators and smurf Havard . Eidnes (Apr 25)
- Re: Network Operators and smurf Al Reuben (Apr 25)
- Re: Network Operators and smurf Havard . Eidnes (Apr 25)
- Re: Network Operators and smurf Al Reuben (Apr 25)
- Re: Network Operators and smurf Havard . Eidnes (Apr 25)
- Re: Network Operators and smurf Phil Howard (Apr 26)
- Re: Network Operators and smurf Phil Howard (Apr 26)
- Re: Network Operators and smurf Brian Holt (Apr 25)
- Re: Network Operators and smurf Alex P. Rudnev (Apr 27)
- RE: Network Operators and smurf barton (Apr 25)
- RE: Network Operators and smurf Craig A. Huegen (Apr 26)
- Re: Network Operators and smurf Karl Denninger (Apr 26)
- Re: Network Operators and smurf Jason Lixfeld (Apr 26)
- Re: Network Operators and smurf Karl Denninger (Apr 26)
- Re: Network Operators and smurf Daniel R Ehrlich (Apr 26)
- Re: Network Operators and smurf Dalvenjah FoxFire (Apr 26)
- Re: Network Operators and smurf D'Arcy J.M. Cain (Apr 27)
- Re: Network Operators and smurf (UTSA) Bryan Bradsby (Apr 27)
- Re: Network Operators and smurf (UTSA) Karl Denninger (Apr 27)