Just so everyone knows how to do this and be good citizens.
This will keep you from being a smurf amplifier.
Cisco
no ip directed-broadcast
Bay Networks hardware
run "bcc", then "config", "ip", and last, "directed-bcast disabled"
Ascend
Ethernet -> Mod Config -> Forward Directed Bcast=No
For more information see:
http://www.netscan.org
and
http://users.quadrunner.com/chuegen/smurf.cgi
If your worried about the ping of death for some reason, deny icmp
fragments.
Sam James
BSCWest
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of W Joel Gridley
> Sent: Wednesday, September 01, 1999 11:53 PM
> To: Burton Rosenberg; 'Sujeet Nayak'; [EMAIL PROTECTED]
> Subject: RE: More on ICMP filtering
>
>
> Why filter ICMP when you can configure your hosts/routers not to respond
> to a ECHO request on the broadcast address?
>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
