Re: `smurf' multi-broadcast icmp attack

Craig A. Huegen (chuegen@QUADRUNNER.COM)
Mon, 13 Oct 1997 10:36:42 -0700

On Sun, 12 Oct 1997, T. Freak wrote:

See http://www.quadrunner.com/~chuegen/smurf.txt for the information on
how to protect your network, as well as how to prevent _helping_ those who
are launching the attacks. This is a paper I have written to assist the
networking community on suppressing the attacks; I will be presenting the
content in an Interprovider Operations BOF at the NANOG meeting on October
27.

==>I believe MCI is currently working on a patch or dectector of some kind
==>for it, which is available at
==> http://www.internetnews.com/isp-news/1997/10/0901-mci.html

See http://www.security.mci.net/dostracker/ for more details. It's a perl
script which will log into a series of Cisco routers and track an attack
interface-by-interface to the edge of the network.

/cah

----
Craig A. Huegen, consultant <chuegen@quadrunner.com>
Cisco Certified Internetwork Expert, #2100
Quadrunner Communications - Network and Systems Consulting