nanog mailing list archives
Re: source filtering
From: Dalvenjah FoxFire <dalvenjah () DAL NET>
Date: Tue, 12 Jan 1999 11:07:03 -0800
On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox:
Is UDP smurf much in evidence? (send a UDP packet to the broadcast address on the echo server port and you'll either get ICMP port unreachables back or UDP echos). The reason I ask is that edge ICMP rate limiting won't help UDP.
Supposedly UDP smurf (fraggle) is becoming more popular. I haven't
seen it myself.
The only type of UDP attack I've seen has been where a user breaks
into machine on high bandwidth, fails to get root, and runs a program
that sends large amounts of huge UDP packets to a destination host.
This makes tracing the problem loads easier, and your upstream can
block out the single host.
-dalvenjah
--
Dalvenjah FoxFire (aka Sven Nielsen) The name's Bean....Mr. Bean.
Founder, the DALnet IRC Network
e-mail: dalvenjah () dal net WWW: http://www.dal.net/~dalvenjah/
whois: SN90 Try DALnet! http://www.dal.net/
Current thread:
- source filtering Jared Mauch (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Jared Mauch (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Dan Hollis (Jan 12)
- Re: source filtering Craig A. Huegen (Jan 12)
- Re: source filtering Craig A. Huegen (Jan 12)
- Re: source filtering Dan Hollis (Jan 12)
- Re: source filtering Daniel Senie (Jan 12)
- Re: source filtering Jared Mauch (Jan 12)
- Re: source filtering Dalvenjah FoxFire (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Phillip Vandry (Jan 12)
- <Possible follow-ups>
- Re: source filtering prue (Jan 12)
- Re: source filtering Alex P. Rudnev (Jan 13)
- RE: source filtering Scott McGrath (Jan 13)
- Message not available
- Re: source filtering Tony Tauber (Jan 13)
- Message not available
- Re: source filtering Jay R. Ashworth (Jan 16)
- Message not available
- Re: source filtering Tony Tauber (Jan 17)
- Message not available