[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: smurf attack

On Thu, May 23, 2002 at 01:59:35AM -0700, sim ton wrote:
> does this line help me to protect well against smurf attack :
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # No Smurf amplifying

No, it only protects you from beeing a smurf amplifier, harming others.

A smurf attack is simply overfilling your pipe to the ISP with large amount
of echo responses target to your IPs. To protect yourself from this, you
need to make sure your ISP is filtering or rate limiting the packets to you,
and the Pipe and the Routers of your ISPs are fast enough. 

Smurf Attacks can easyly saturate 155MBits links and go on for days. Nothing
you can do on the leafe site.


To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: