Re: Smurf

To: Richard Ibbotson <richard@sheflug.co.uk>
Cc: <debian-firewall@lists.debian.org>
Subject: Re: Smurf
From: Adam William Lydick <awlydick@bulldog.unca.edu>
Date: Thu, 18 Apr 2002 18:35:16 -0400 (EDT)
Message-id: <[🔎] Pine.OSF.4.31.0204181830450.500453-100000@bulldog.unca.edu>
In-reply-to: <[🔎] 20020418193427.925A2679C3@sheflug.shef-lug.net>

I think that you either don't understand smurf attacks or I am totally
misunderstanding what you are trying to ask.

"Smurf attacks" are not any sort of break-in attempt. They are a flood of
responses to forged ICMP Echo Request (PING) packets. You cannot firewall
off incoming DoS attacks as an end-user. (They are hitting your firewall,
creating the same bottleneck in traffic as they would if the attack got
through to internal machines)

You can prevent your internal users from launching smurf attacks from your
network, by dropping forged packets at any of your gateways. (Preferably
the closest gateway to the user).

Hope that helps,

Adam

On Thu, 18 Apr 2002, Richard Ibbotson wrote:

> Hi
>
> I've had a good look round the net and at several books about
> iptables as well as the man pages.  Can't find any reference to smurf
> attack and the use of iptables to block this kind of break in attempt.
>
> Can anyone explain how to write a rule for this ?   Any help greatly
> appreciated.
>
> Thank you
>
>
> --
> Richard

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Smurf
  - From: Richard Ibbotson <richard@sheflug.co.uk>

Prev by Date: Smurf
Next by Date: Re: Smurf
Previous by thread: Smurf
Next by thread: Re: Smurf
Index(es):
- Date
- Thread