Keep an eye out for a lot of traffic from / to ip protocol 255. We were attacked a couple of nights ago with a DDOS from 6 sites around the world. Our firewall detected unusual traffic and paged us. On our international router I found excessive traffic to one of our servers, using ip protocol 255. (not used by that server). An access list fixed the problem. Please go to www.fbi.gov. They have tools you can use to scan for DDOS software on your servers / Network. /Martin Forest -- Martin Forest Senior Internet Engineer ICONZ - an Asia Online Company Ph: +64 9 358 1186 Fax: +64 9 300 3122 http://www.iconz.co.nz http://www.asiaonlineltd.com Caution - The information contained in this e-mail (and any accompanying documents) may be legally privileged and confidential. The information is intended only for the recipient named in this message. If you are not the named recipient, you must not peruse, use, disseminate or copy any information received in or with this e-mail. If you have received this e-mail in error, please telephone us on 0800 THE NET (0800 843 638) or reply to this e-mail. Josh Bailey wrote:
On Mon, 14 Feb 2000, Roger De Salis wrote:
Had the target insisted the ISP put the "no ip directed broadcast" command on the outgoing line from the ISP to the target, then the Smurf would have not worked.
On the same topic - the Lucent/Ascend equivalent of this is IP-GLOBAL/icmp-reply-directed-bcast, IP-INT/directed-broadcast-allowed, or (on the LCD interface), Ethernet/Mod Config/Reply DirectedBcast and Forward Directed Bcast.
In addition, I strongly recommend usage of the Ascend-Source-IP-Check RADIUS attribute in your default RADIUS reply profile. This attribute tells the NAS to enforce the netmask on the *source* address of packets coming in a switched connection. This lets you dispose of all spoofed packets from dialups without the use of a explicit, hard to maintain (and CPU expensive) filter (needs TAOS 7.x and later).
-- Josh Bailey (joshbailey(a)lucent.com) "Josh is... at large" -- F.W.
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog