Craig A. Huegen <chuegen@cisco.com>
Smurf Attack Description & Suppression
NANOG 11     7
Prevention Techniques
• How to prevent being a “bounce site”:
    • Turn off directed broadcasts to subnets with 5 hosts or more
        • Cisco:  Interface command “no ip directed-broadcast”
        • Proteon:  IP protocol configuration “disable directed-broadcast”
        • Bay Networks:  Set a false static ARP address for bcast address
    • Use access control lists (if necessary) to prevent ICMP echo requests from entering your network
        • Probably not an elegant solution; makes troubleshooting difficult
    • Encourage vendors to turn off replies for ICMP echos to broadcast addresses
        • Host Requirements RFC-1122 Section 3.2.2.6 states “An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded.”
        • Patches are available for free UNIX-ish operating systems.
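
One way to audit for the first item above, as an added example that is not part of the original slides: the script reads a Cisco-style configuration and lists interfaces that lack “no ip directed-broadcast”. It assumes a configuration dialect in which directed broadcasts are forwarded unless that command is present, and it reads “5 hosts or more” as the subnet's usable address capacity; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed sample config (not from the slides); documentation address ranges.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
!
"""

MIN_HOSTS = 5  # threshold from the slide: "subnets with 5 hosts or more"

def parse_interfaces(config):
    """Map interface name -> {"network": IPv4Network or None, "no_db": bool}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if raw.startswith("interface ") and len(words) > 1:
            current = interfaces.setdefault(words[1], {"network": None, "no_db": False})
        elif not raw.startswith(" "):
            current = None  # any unindented line ends the interface block
        elif current is not None:
            if words[:2] == ["ip", "address"] and len(words) == 4:  # primary address only
                current["network"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            elif words == ["no", "ip", "directed-broadcast"]:
                current["no_db"] = True
    return interfaces

def bounce_candidates(config, min_hosts=MIN_HOSTS):
    """Interfaces whose subnet holds >= min_hosts addresses and lack the command."""
    findings = []
    for name, info in parse_interfaces(config).items():
        net = info["network"]
        if net is None or info["no_db"]:
            continue
        usable = max(net.num_addresses - 2, 0)  # exclude network and broadcast
        if usable >= min_hosts:
            findings.append((name, str(net.broadcast_address), usable))
    return findings

if __name__ == "__main__":
    for name, bcast, usable in bounce_candidates(SAMPLE_CONFIG):
        print(f"{name}: broadcast {bcast}, {usable} host addresses, directed broadcast on")
```

The /30 serial link is skipped because it falls below the five-host threshold, and Ethernet1 is skipped because the command is already configured.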