- To: outages-list@eskimo.com
- Subject: Smurf Attack
- From: Robert Dinse <nanook@eskimo.com>
- Date: Sat, 6 Mar 1999 10:59:04 -0800 (PST)
- Resent-Date: Sat, 6 Mar 1999 11:00:00 -0800 (PST)
- Resent-From: outages-list@eskimo.com
- Resent-Message-ID: <"4B0c42.0.MR1.kiNus"@mx2>
- Resent-Sender: outages-list-request@eskimo.com
- Prev by Date: Seattle1 reboot
- Next by Date: Smurf Attack
- Prev by thread: DOS attacks - New filter rules
- Next by thread: Smurf Attack
- Index(es):
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Smurf Attack
Network outage this morning was caused by a smurf attack, this is where
someone forges ICMP echo request packets with a forged source address as one
of our hosts, or in this case the address of one of our dial-up customers, and
sends them to a site with an open broadcast address causing every host on that
network to send an ICMP echo reply to our address, saturating the T1 links.
We have had Sprint install a filter to block ICMP echo reply so that
other traffic can get through but this will break the ability to ping any site
from here while it is in place.