nanog mailing list archives
Re: source filtering
From: Dalvenjah FoxFire <dalvenjah () DAL NET>
Date: Tue, 12 Jan 1999 11:07:03 -0800
On Tue, Jan 12, 1999 at 06:25:47PM +0000, Alex Bligh put this into my mailbox:
Is UDP smurf much in evidence? (send a UDP packet to the broadcast address on the echo server port and you'll either get ICMP port unreachables back or UDP echos). The reason I ask is that edge ICMP rate limiting won't help UDP.
Supposedly UDP smurf (fraggle) is becoming more popular. I haven't seen it myself. The only type of UDP attack I've seen has been where a user breaks into machine on high bandwidth, fails to get root, and runs a program that sends large amounts of huge UDP packets to a destination host. This makes tracing the problem loads easier, and your upstream can block out the single host. -dalvenjah -- Dalvenjah FoxFire (aka Sven Nielsen) The name's Bean....Mr. Bean. Founder, the DALnet IRC Network e-mail: dalvenjah () dal net WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/
Current thread:
- source filtering Jared Mauch (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Jared Mauch (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Dan Hollis (Jan 12)
- Re: source filtering Craig A. Huegen (Jan 12)
- Re: source filtering Craig A. Huegen (Jan 12)
- Re: source filtering Dan Hollis (Jan 12)
- Re: source filtering Daniel Senie (Jan 12)
- Re: source filtering Jared Mauch (Jan 12)
- Re: source filtering Dalvenjah FoxFire (Jan 12)
- Re: source filtering Alex Bligh (Jan 12)
- Re: source filtering Phillip Vandry (Jan 12)
- <Possible follow-ups>
- Re: source filtering prue (Jan 12)
- Re: source filtering Alex P. Rudnev (Jan 13)
- RE: source filtering Scott McGrath (Jan 13)
- Message not available
- Re: source filtering Tony Tauber (Jan 13)
- Message not available
- Re: source filtering Jay R. Ashworth (Jan 16)
- Message not available
- Re: source filtering Tony Tauber (Jan 17)
- Message not available