Where were you when we tried to explain this to _our_ IT department!
As a bit of history, from another security related field which firewall
people might find interesting:
Smurfing also means a money laundering tactic where hundreds of individual
"smurfs" deposit small amounts of cash, below the reporting limit, at
thousands of banks, often moving across the country to do so. Miami appears
to get the credit for this invention, with a famous "Papa Smurf" running the
largest organization.
-burt
> -----Original Message-----
> From: Sam James [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, September 02, 1999 11:09 AM
> To: W Joel Gridley; Burton Rosenberg; 'Sujeet Nayak';
> [EMAIL PROTECTED]
> Subject: RE: More on ICMP filtering
>
> Just so everyone knows how to do this and be good citizens.
> This will keep you from being a smurf amplifier.
>
> Cisco
> no ip directed-broadcast
>
> Bay Networks hardware
> run "bcc", then "config", "ip", and last, "directed-bcast disabled"
>
> Ascend
> Ethernet -> Mod Config -> Forward Directed Bcast=No
>
> For more information see:
> http://www.netscan.org
> and
> http://users.quadrunner.com/chuegen/smurf.cgi
>
> If your worried about the ping of death for some reason, deny icmp
> fragments.
>
>
> Sam James
> BSCWest
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of W Joel Gridley
> > Sent: Wednesday, September 01, 1999 11:53 PM
> > To: Burton Rosenberg; 'Sujeet Nayak'; [EMAIL PROTECTED]
> > Subject: RE: More on ICMP filtering
> >
> >
> > Why filter ICMP when you can configure your hosts/routers not to respond
> > to a ECHO request on the broadcast address?
> >
> >
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
