Date: Thu, 12 Aug 1999 14:00:10 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: Nick Rogness <nick@rapidnet.com> Cc: freebsd-security@freebsd.org Subject: RE: ipfw Message-ID: <Pine.BSF.3.96.990812133555.62924E-100000@anchovy.orem.iserver.com> In-Reply-To: <Pine.BSF.4.05.9908121309450.51354-100000@rapidnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Aug 1999, Nick Rogness wrote: > No this DENIES anyone from outside trying to hit the broadcast on your > local net. How are they suppose to hit your broadcast if it is blocked > at your gateways? ... and that means that you won't be used as a smurf amplifier, as I said. > That will stop Smurf & Fraggle attacks from outside to his Local LAN. There are three parties involved in a smurf attack -- the attacker, one or more amplifiers, and the vicitim. Blocking outside packets directed at the broadcast address does not prevent yourself from being a smurf vicitim! Read up on how the attack works: http://users.quadrunner.com/chuegen/smurf.cgi When you play the victim in a smurf attack you get hit by packets to a specific address of yours coming from hundreds (maybe even thousands) of remote machines. How will filtering packets from the outside to the broadcast addresses deflect anything? Better yet, how will filtering *anything* at your site stop the attack? By the time the packets make it to your firewall, your external bandwidth is already saturated and you're toasted before you can react and there's very little you can do about it. That's what makes the attack so insidious -- it works because thousands of amplifier networks exist on the Internet and you (the vicitim) have no control over them to get them fixed. We've been hit here before by smurf attacks in excess of 60 Mb/s that lasted several hours, and yes, they really suck. :-) Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990812133555.62924E-100000>