> A Smurf attack is effective just by the sheer weight of traffic sent to you, > rather than because of any weakness in your host, so unfortunately there is > nothing you can do on your host to harden it against this type of onslaught. How about: - blocking ICMP directed at broadcast addreses? - setting /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts to 1 - adding anti-spoofing rules, smurf attacks may have spoofed IPs, and that is when the attack gets its sharp edge. It may be spoofed as if it is originating from your network.
The same goes for fraggle attacks, those are UDP brodcast packets to unserved ports with spoofed IPs. If the destination and source IPs are in the same subnet, we can have the net attacking itself. I guess that is what we are talking about. Regards, Maciej Soltysiak
