You can't stop being the victim of a smurf attack.
The reflector networks which allow directed broadcasts (large percentage appear to be
govt/mil routers)
are the source of the traffic and you don't have administrative control over them.
What you can do is make sure you are not a reflector network and make sure that nobody
on your
network is infected with TFN2000.
----- Original Message -----
From: "Ejvind Kristian" <[EMAIL PROTECTED]>
To: "'Tim Gollschewsky'" <[EMAIL PROTECTED]>; "Firwall-1 List"
<[EMAIL PROTECTED]>
Sent: Tuesday, October 03, 2000 9:15 AM
Subject: RE: [FW1] How do I stop being smurfed?
>
> > Is there ANYTHING else I can do?
>
> If you've got a solaris fw-1, add
>
> ndd -set /dev/ip ip_forward_directed_broadcasts
> ndd -set /dev/ip ip_respond_to_address_mask_broadcast
>
> to your startup scripts.
>
> If you're using Cisco's, add
>
> no ip directed-broadcast
>
> to _all_ interface sections on all routers. (IOS 12.0
> and later disables directed broadcasts by default)
>
> /Kristian
>
> -----------------------------------------
> Kristian Ejvind - [EMAIL PROTECTED]
> System admin at SPP Investment Management
> -----------------------------------------
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
