Re: smurf attack

To: sim ton <firewall38@lycos.com>
Cc: debian <debian-firewall@lists.debian.org>
Subject: Re: smurf attack
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Thu, 23 May 2002 20:38:02 +0200
Message-id: <[🔎] 20020523183802.GB26723@lina.inka.de>
In-reply-to: <[🔎] OBCADHONLEOFIAAA@mailcity.com>
References: <[🔎] OBCADHONLEOFIAAA@mailcity.com>

On Thu, May 23, 2002 at 01:59:35AM -0700, sim ton wrote:
> does this line help me to protect well against smurf attack :
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # No Smurf amplifying

No, it only protects you from beeing a smurf amplifier, harming others.

A smurf attack is simply overfilling your pipe to the ISP with large amount
of echo responses target to your IPs. To protect yourself from this, you
need to make sure your ISP is filtering or rate limiting the packets to you,
and the Pipe and the Routers of your ISPs are fast enough. 

Smurf Attacks can easyly saturate 155MBits links and go on for days. Nothing
you can do on the leafe site.

Greetings
Bernd

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- smurf attack
  - From: "sim ton" <firewall38@lycos.com>

Prev by Date: scanning ports
Next by Date: where is tcp_syncookies
Previous by thread: Re: smurf attack
Next by thread: scanning ports
Index(es):
- Date
- Thread