Hi Tim,
If you have any leverage, make sure you use it. If you are a big
customer, or a high-profile customer, hold it over their head and complain
until they do something about it. Unfortunately, this is a step you usually
have to take when dealing with large ISPs.
Thanks,
Abe
Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice 502-564-2020x225
E-mail [EMAIL PROTECTED]
Web http://www.kde.state.ky.us/
> -----Original Message-----
> From: Tim Gollschewsky [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 03, 2000 10:55 AM
> To: Firwall-1 List
> Subject: Re: [FW1] How do I stop being smurfed?
>
>
>
> My ISP won't do anything, they say filtering on their routers might
> "affect other customers".
>
> My reasoning would be:
> - They add one filter to one router (big job that).
> - This would stop the script kiddie's attack.
> - He would give up.
> - Bandwidth usage would go down on their main pipe (which gives all
> customers a better service).
>
> On Tue, Oct 03, 2000 at 04:49:27PM +0200, Jonas Thambert spoke thusly:
> > The IP stack will still process the packets and jam the
> internet access,
> > before
> > they are dropped. So its better to have your ISP do the
> > shitwork than you. They probably have better resources/pipes to
> > handle it.
> >
> > /Jonas
> >
> >
> >
> >
> > -----Original Message-----
> > From: Tim Gollschewsky [mailto:[EMAIL PROTECTED]]
> > Sent: den 3 oktober 2000 15:37
> > To: Firwall-1 List
> > Subject: Re: [FW1] How do I stop being smurfed?
> >
> >
> >
> > Yep, I'm running FW-1. I can drop the packets in my rulebase OK but
> > they still saturate the network in front of my box before I can drop
> > them.
> >
> > On Tue, Oct 03, 2000 at 08:18:52AM -0500, Jason LaFlair
> spoke thusly:
> > > are you running FW-1? If so make your first rule
> ICMP-Drop and that
> > should
> > > clear you up and block it yourself.
> > >
> > > If this doesn't help let me know and I can look into
> another solution.
> > >
> > > Jason LaFlair
> > > [EMAIL PROTECTED]
> > >
> > > ----- Original Message -----
> > > From: "Tim Gollschewsky" <[EMAIL PROTECTED]>
> > > To: "Firwall-1 List" <[EMAIL PROTECTED]>
> > > Sent: Tuesday, October 03, 2000 7:38 AM
> > > Subject: [FW1] How do I stop being smurfed?
> > >
> > >
> > > >
> > > > Hi,
> > > >
> > > > One of the sites I manage is currently under a heavy
> smurf attack, the
> > > > only way I can think of to stop it is to go upstream to
> my provider
> > > > and ask them to block echo-replys (or just ICMP) to the
> target machine,
> > > > but my provider (exodus) refuses to help. :(
> > > >
> > > > Is there ANYTHING else I can do?
> > > >
> > > > Thanks,
> > > >
> > > > Tim.
> > > >
> > > >
> > > >
> > >
> >
> ==============================================================
> ==============
> > > ====
> > > > To unsubscribe from this mailing list, please see
> the instructions
> > at
> > > > http://www.checkpoint.com/services/mailing.html
> > > >
> > >
> >
> ==============================================================
> ==============
> > > ====
> > > >
> >
> >
> >
> ==============================================================
> ==============
> > ====
> > To unsubscribe from this mailing list, please see the
> instructions at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==============================================================
> ==============
> > ====
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
