nanog mailing list archives

Re: Solution: Re: Huge smurf attack


From: Daniel Senie <dts () senie com>
Date: Wed, 13 Jan 1999 20:37:28 -0500

Brett Frankenberger wrote:

> :: Brandon Ross writes ::
> 
> :: Doing something like this, similar to the several suggestions to
> :: filter all .0 and .255 addresses, is an attempt to fix the symptom
> :: instead of the real problem.
> 
> So is forcing vendors to make the equivalent of "no ip
> directed-broadcast" the default.  The problem is that dolts configure
> routers.  The symptom is "ip directed-broadcast" is configured (or not
> unconfigured) where it shouldn't be.

Actually, several vendors came to the conclusion they should change the
default on their own...

But, as customers of the router and networking equipment vendors, the
choice IS ultimately yours. If you have specific needs, then ask for
them. If you feel that routers which can filter RFC1918 addresses at
your peering points, at wire speed without croaking is important to you
and your neighbor ISPs, then ask for it. Such things CAN be built, if
someone expresses a desire to buy.


> (For the record, I agree with you on blocking ICMPs and blocking
> .0/.255 ... both are bad ideas.  But so is forcing vendors to violate
> the router requirements RFC.  If we (the internet community) want
> directed broadcasts to be dropped by default, we should get off our
> collective duffs and change the RFC.)

On the subject of changing the RFC, I had been thinking about submitting
a draft on this subject for a while, and did submit one yesterday. See
<draft-senie-directed-broadcast-00.txt> on your favorite document mirror
site. I guess that qualifies as getting off my duff. Please read the
document and send me comments.

Dan

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts () senie com
Amaranth Networks Inc.            http://www.amaranthnetworks.com
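Added illustration, not part of the thread or of any vendor's code: a small model of the two approaches debated above, using constructed subnets. It shows why a "drop anything ending in .0 or .255" filter is a symptom fix (it misses the broadcast address of a /25 and blocks a legitimate host in a /23), while a router that drops directed broadcasts at the interface stops the amplification regardless of prefix length.

```python
import ipaddress
from typing import Iterable

# Constructed example: subnets attached to a router's LAN-side interfaces.
LAN_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/25"),     # broadcast is 192.0.2.127
    ipaddress.ip_network("198.51.100.0/23"),  # broadcast is 198.51.101.255
]


def is_directed_broadcast(dst: str, subnets: Iterable[ipaddress.IPv4Network]) -> bool:
    """True if dst is the subnet broadcast address of an attached subnet.

    With directed-broadcast forwarding enabled, one packet to such an
    address becomes one reply per host on the segment (the smurf amplifier).
    """
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in subnets)


def naive_last_octet_filter(dst: str) -> bool:
    """The '.0/.255 filter' proposed in the thread: decides on the last octet only."""
    return int(dst.rsplit(".", 1)[1]) in (0, 255)


def router_action(dst: str, subnets: Iterable[ipaddress.IPv4Network],
                  directed_broadcast_enabled: bool) -> str:
    """What an edge router does with a packet arriving from outside.

    Models the effect of 'no ip directed-broadcast': the packet is dropped
    at the router instead of being delivered to every host on the segment.
    """
    if is_directed_broadcast(dst, subnets):
        return "forward-as-broadcast" if directed_broadcast_enabled else "drop"
    return "forward"


if __name__ == "__main__":
    for dst in ("192.0.2.127", "198.51.100.255", "198.51.101.255", "192.0.2.10"):
        print(f"{dst:16} broadcast={is_directed_broadcast(dst, LAN_SUBNETS)!s:5} "
              f"naive_filter={naive_last_octet_filter(dst)!s:5} "
              f"action={router_action(dst, LAN_SUBNETS, False)}")
```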

