[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] How do I stop being smurfed?
Tim, Exodus is a company that uses lots of politics....so if you go and address you issue to the highest level of the food chain you should get some positive results. On the other hand only a few of them knows what's up in there, the rest doesn't have a the expertise. MY 2 Cents \\|// (O-O) ---------oOO(_)OOo--------- *Reginald* MSCE,CCSA,CCSE --------------------------- -----Original Message----- From: Reynolds, Tom [mailto:[email protected]] Sent: Tuesday, October 03, 2000 11:30 AM To: 'Tim Gollschewsky'; Firwall-1 List Subject: RE: [FW1] How do I stop being smurfed? I am truly concerned that your ISP is not helping you with this situation. I don't understand how a router, on YOUR network, configured with filtering to stop an attack, can affect other customers. (The router and dsu are on YOUR site, right? The only traffic coming to and from THAT router is yours, right?) In my last shop, WE managed the small router (Cisco 2500) connected to our ISP. The filtering you want is not a major problem. I think you should pursue this to the highest level at the ISP. I think the "Internet Industry" in general would be OUTRAGED, that you have identified an attack, and your ISP offers NO assistance, when the fix is obvious. Just my two cents... -Tom Reynolds MCSE CCNA -----Original Message----- From: Tim Gollschewsky [mailto:[email protected]] Sent: Tuesday, October 03, 2000 10:55 AM To: Firwall-1 List Subject: Re: [FW1] How do I stop being smurfed? My ISP won't do anything, they say filtering on their routers might "affect other customers". My reasoning would be: - They add one filter to one router (big job that). - This would stop the script kiddie's attack. - He would give up. - Bandwidth usage would go down on their main pipe (which gives all customers a better service). On Tue, Oct 03, 2000 at 04:49:27PM +0200, Jonas Thambert spoke thusly: > The IP stack will still process the packets and jam the internet access, > before > they are dropped. So its better to have your ISP do the > shitwork than you. They probably have better resources/pipes to > handle it. > > /Jonas > > > > > -----Original Message----- > From: Tim Gollschewsky [mailto:[email protected]] > Sent: den 3 oktober 2000 15:37 > To: Firwall-1 List > Subject: Re: [FW1] How do I stop being smurfed? > > > > Yep, I'm running FW-1. I can drop the packets in my rulebase OK but > they still saturate the network in front of my box before I can drop > them. > > On Tue, Oct 03, 2000 at 08:18:52AM -0500, Jason LaFlair spoke thusly: > > are you running FW-1? If so make your first rule ICMP-Drop and that > should > > clear you up and block it yourself. > > > > If this doesn't help let me know and I can look into another solution. > > > > Jason LaFlair > > [email protected] > > > > ----- Original Message ----- > > From: "Tim Gollschewsky" <[email protected]> > > To: "Firwall-1 List" <[email protected]> > > Sent: Tuesday, October 03, 2000 7:38 AM > > Subject: [FW1] How do I stop being smurfed? > > > > > > > > > > Hi, > > > > > > One of the sites I manage is currently under a heavy smurf attack, the > > > only way I can think of to stop it is to go upstream to my provider > > > and ask them to block echo-replys (or just ICMP) to the target machine, > > > but my provider (exodus) refuses to help. :( > > > > > > Is there ANYTHING else I can do? > > > > > > Thanks, > > > > > > Tim. > > > > > > > > > > > > ============================================================================ > > ==== > > > To unsubscribe from this mailing list, please see the instructions > at > > > http://www.checkpoint.com/services/mailing.html > > > > > > ============================================================================ > > ==== > > > > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|