Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] How do I stop being smurfed?

To: "'Reynolds, Tom'" <[email protected]>, "Worldwide Support (E-mail)" <[email protected]>
Subject: RE: [FW1] How do I stop being smurfed?
From: "Guillaume, Reginald" <[email protected]>
Date: Tue, 3 Oct 2000 13:15:21 -0400
Sender: [email protected]

Tim,

        Exodus is a company that uses lots of politics....so if you go and
address you issue to the highest level of the food chain you should get some
positive results. On the other hand only a few of them knows what's up in
there, the rest doesn't have a the expertise.

         MY 2 Cents
            \\|// 
            (O-O)
 ---------oOO(_)OOo---------
         *Reginald*
       MSCE,CCSA,CCSE
 ---------------------------


-----Original Message-----
From: Reynolds, Tom [mailto:[email protected]]
Sent: Tuesday, October 03, 2000 11:30 AM
To: 'Tim Gollschewsky'; Firwall-1 List
Subject: RE: [FW1] How do I stop being smurfed?



I am truly concerned that your ISP is not helping you with this situation.
I don't understand how a router, on YOUR network,  configured with filtering
to stop an attack, can affect other customers.  (The router and dsu are on
YOUR site, right?  The only traffic coming to and from THAT router is yours,
right?) In my last shop, WE managed the small router (Cisco 2500) connected
to our ISP.  The filtering you want is not a major problem.  I think you
should pursue this to the highest level at the ISP.  I think the "Internet
Industry" in general would be OUTRAGED, that you have identified an attack,
and your ISP offers NO assistance, when the fix is obvious.  Just my two
cents...

-Tom Reynolds MCSE CCNA

-----Original Message-----
From: Tim Gollschewsky [mailto:[email protected]]
Sent: Tuesday, October 03, 2000 10:55 AM
To: Firwall-1 List
Subject: Re: [FW1] How do I stop being smurfed?



My ISP won't do anything, they say filtering on their routers might
"affect other customers".

My reasoning would be:
  - They add one filter to one router (big job that).
  - This would stop the script kiddie's attack.
  - He would give up.
  - Bandwidth usage would go down on their main pipe (which gives all
    customers a better service).

On Tue, Oct 03, 2000 at 04:49:27PM +0200, Jonas Thambert spoke thusly:
> The IP stack will still process the packets and jam the internet access,
> before
> they are dropped. So its better to have your ISP do the
> shitwork than you. They probably have better resources/pipes to 
> handle it.
> 
> /Jonas
> 
> 
> 
> 
> -----Original Message-----
> From: Tim Gollschewsky [mailto:[email protected]]
> Sent: den 3 oktober 2000 15:37
> To: Firwall-1 List
> Subject: Re: [FW1] How do I stop being smurfed?
> 
> 
> 
> Yep, I'm running FW-1.  I can drop the packets in my rulebase OK but
> they still saturate the network in front of my box before I can drop
> them.
> 
> On Tue, Oct 03, 2000 at 08:18:52AM -0500, Jason LaFlair spoke thusly:
> > are you running FW-1?  If so make your first rule ICMP-Drop and that
> should
> > clear you up and block it yourself.
> > 
> > If this doesn't help let me know and I can look into another solution.
> > 
> > Jason LaFlair
> > [email protected]
> > 
> > ----- Original Message -----
> > From: "Tim Gollschewsky" <[email protected]>
> > To: "Firwall-1 List" <[email protected]>
> > Sent: Tuesday, October 03, 2000 7:38 AM
> > Subject: [FW1] How do I stop being smurfed?
> > 
> > 
> > >
> > > Hi,
> > >
> > > One of the sites I manage is currently under a heavy smurf attack, the
> > > only way I can think of to stop it is to go upstream to my provider
> > > and ask them to block echo-replys (or just ICMP) to the target
machine,
> > > but my provider (exodus) refuses to help.   :(
> > >
> > > Is there ANYTHING else I can do?
> > >
> > > Thanks,
> > >
> > > Tim.
> > >
> > >
> > >
> >
>
============================================================================
> > ====
> > >      To unsubscribe from this mailing list, please see the
instructions
> at
> > >                http://www.checkpoint.com/services/mailing.html
> > >
> >
>
============================================================================
> > ====
> > >
> 
> 
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Routing & Multiple Subnets
Next by Date: RE: [FW1] H323 through a firewall
Previous by thread: Re[2]: [FW1] How do I stop being smurfed?
Next by thread: RE: [FW1] How do I stop being smurfed?
Index(es):
- Date
- Thread