Craig A. Huegen
<chuegen@cisco.com>
Smurf Attack Description &
Supression
NANOG 11 6
Prevention Techniques
•How
to prevent your network from being the source
of the attack:
Apply
filters to each customer network
Ingress:
Allow only
those packets with source addresses within the customer’s assigned netblocks
Apply
filters to your upstreams
Egress:
Allow only
those packets with source addresses within your netblocks to protect others
Ingress:
Deny those
packets with source addresses within your netblocks to protect yourself
•This also
prevents other forms of attacks as well