> [...new(?) smurf-style DoS attack...]
> Prevention
> [...]
> The Internet Service Providers (ISPs) must take action to drop long
> ICMP packets in the backbone networks (any packet longer than 1499
> bytes, at least).
This strikes me as a very bad idea. It's rather like saying, NFS can
be used to attack insecure machines, so let's block NFS packets on
long-haul links: yes, it's true that such attacks are possible, but the
facility is useful and the *correct* thing to do is to secure the
insecure machines, not break the (useful) underlying facility for
everyone else. (Rather like the SSRR and LSRR IP options, though I
realize *that* fight was in practice lost long ago.)
der Mouse
[EMAIL PROTECTED]
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
