Re: Tracking stealth portscan/pepsi attacks
As a side note, does anybody use anything to prevent address spoofing in their network? That would at prevent a lot of attacks completly and make tracing the rest much easier.
RFC 2267 describes most of the measures that should be taken at the router level. I'm not sure how many ISPs implemented everything recommended in that document. Regards, Beri .-------. | --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI@etf.bg.ac.yu | /|\ Hostmaster of the YU TLD | |-(-+-)-| School of Electrical Engineering | Phone: (+381-11) 3221-419 | \|/ Bulevar Revolucije 73 | 3218-350 | --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11) 3248-681 `-------' --------------------------------------------------------------------
On Thu, 2 Sep 1999, Berislav Todorovic wrote:
RFC 2267 describes most of the measures that should be taken at the router level. I'm not sure how many ISPs implemented everything recommended in that document.
This document doesn't mention the very important statement "no ip directed-broadcast" for dealing with smurf attacks. Please use this command on each interface whenever possible. Check your network at http://www.powertech.no/smurf/. Kind Regards, Patrick Schreurs. -- Ing. W.P. Schreurs S u p p o r t N e t Email: beheer@supportnet.nl Private: patrick@support.nl Partner in Web: http://www.supportnet.nl/ Internetworking Kruislaan 419, 1098 VA Amsterdam, The Netherlands Phone: +31 (0)20 693 54 54, Fax: +31 (0)20 668 61 66
participants (2)
-
Berislav Todorovic -
patricksīŧ support.nl