Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Anti Smurf enabling
On Wed, Apr 29, 1998 at 10:17:57AM -0500, Joe Shaw wrote:
>
> When/If they get it fixed, I would hope that the make the Forward directed
> Bcast option set to No by default. With all the problems we've had trying
> to contact people and get them to fix their routers, I think it's just
> best if people have to specificly set it to Yes for their operations than
> to have to constantly bug them to set it to No to protect the rest of the
> net. I would guess that a MAX40xx or two wouldn't be too bad but a high
> density TNT box could be trouble.
There is a backward compatibility issue with that. And P50s are not only
used on the Internet but as well on Intranets where people may actually
rely on directed bcast forwarding. I guess anyway how you set the default
it will be wrong ;)
BTW, a P50 is fully sufficient. We have seen a secondary victim of a
smurf attack (not the primary, just one of the nets with lots of
IPs generating echo replies) doing 2.5 GByte traffic in 6 hours on a 64k
dial line (Stac is great).
--
Kanther-Line: PGP SSH IDEA MD5 GOST RIPE-MD160 3DES RSA FEAL32 RC4
+-o-+--------------------------------------------------------+-o-+
| o | \\\- Brain Inside -/// | o |
| o | ^^^^^^^^^^^^^^ | o |
| o | Andre' Beck (ABPSoft) AB10-RIPE XLink PoP Dresden | o |
+-o-+--------------------------------------------------------+-o-+
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: