Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [FW1] How do I stop being smurfed?

To: [email protected]
Subject: Re[2]: [FW1] How do I stop being smurfed?
From: Cedric Amand <[email protected]>
Date: Tue, 3 Oct 2000 20:22:51 +0200
In-reply-to: <9DC88C934871D311A82C00A0C9A8284D012F7B64@PBEXCH02>
References: <9DC88C934871D311A82C00A0C9A8284D012F7B64@PBEXCH02>
Reply-to: Cedric Amand <[email protected]>
Sender: [email protected]

Hello Tom,

Tuesday, October 03, 2000, 5:30:02 PM, you wrote:


RT> I am truly concerned that your ISP is not helping you with this situation.
RT> I don't understand how a router, on YOUR network,  configured with filtering
RT> to stop an attack, can affect other customers.  (The router and dsu are on
RT> YOUR site, right?  The only traffic coming to and from THAT router is yours,
RT> right?) In my last shop, WE managed the small router (Cisco 2500) connected
RT> to our ISP.  The filtering you want is not a major problem.  I think you
RT> should pursue this to the highest level at the ISP.  I think the "Internet
RT> Industry" in general would be OUTRAGED, that you have identified an attack,
RT> and your ISP offers NO assistance, when the fix is obvious.  Just my two
RT> cents...

Smurf attack is aimed at the bandwidth. It is useless to put
accesslist on YOUR router, since the hostile traffic reaches
your pipe and saturates it.

The ACL has to be BEFORE your router, eg at your ISP's main
router. It should even be put BEFORE your Isp (at your ISP's
carriers) to be perfectly effective.

And since this traffic is spoofed, it also means that your
ISP would cut itself from half of the world (if the attacker
is clever, he spoofs high traffic places ;)

And your ISP refuses to put access lists ("it affects other customers")
beause an ACL slows down the router, is a CPU hog, and they would
slow down their entire company just to avoid you beeing smurfed.
(And could cut themselves from major sites if the traffic is spoofed.)

I'm telling you they are right to do so, I'm just telling you
the real-life facts.

-- 
Best regards,
 Cedric                            mailto:[email protected]




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] How do I stop being smurfed?
  - From: "Reynolds, Tom" <[email protected]>

Prev by Date: RE: [FW1] VPN accelerator card with SUN450 FW-1 4.1
Next by Date: [FW1] Anyone doing CVP Content Screening?
Previous by thread: RE: [FW1] How do I stop being smurfed?
Next by thread: RE: [FW1] How do I stop being smurfed?
Index(es):
- Date
- Thread