Re: [SonicWALL]- Smurf Amplification Attack ???? What's up with that???

[Darrell Shandrow]

Title: Message

Hi Greg,   Your firewall is already blocking these attacks, so it is doing its job.  There's really not anything else you can do about these unless your ISP is willing to block ICMP traffic from reaching you altogether.  If there's really a huge amount of this traffic, then, yes, this could have a potentially negative impact on VPN connectivity, especially if the connection isn't over a large pipe.  How is your general Internet performance from that end of your network?  If it is slower than usual, then you have likely found at least a part of your issue.  You might also want to enable fragmented packet handling in VPN/Summary on the remote end.              Darrell Shandrow - Shandrow Communications! Technology consultant/instructor, network/systems administrator! A+, CCNA, Network+! Check out high quality telecommunications services at http://ld.net/?nu7i All the best to coalition forces carrying out Operation Iraqi Freedom! ----- Original Message ----- From: Gregory O'Strander To: [EMAIL PROTECTED] Sent: Thursday, August 28, 2003 2:59 PM Subject: RE: [SonicWALL]- Smurf Amplification Attack ???? What's up with that??? Woops! Sent too fast. -----Original Message----- From: Gregory O'Strander Sent: Thursday, August 28, 2003 2:39 PM To: [EMAIL PROTECTED] Subject: [SonicWALL]- Smurf Amplification Attack ???? What's up with that??? Situation: Remote (Tele 3) VPN connection to our Local (SOHO 2) via a cable internet connection (Adelphia). In the past couple of days, this VPN has been unstable as heck - dropping every 5 minutes or so.  Anyway, events from remote SW shows a ton of these: 08/28/2003 14:14:07.528 -       Smurf Amplification Attack Dropped -    Source:68.67.33.63, 8, WAN -    Destination:68.67.33.255, 8, WAN -       -       where the Source appears to be from various routers on adelphia.net to a broadcast (.255 right?). A call to adelphia didn't help me, other than telling me that they are having a major problem nationwide with a SQL (slammer??) worm on their network. I guess that this could be causing problems with traffic and dropped VPN Connections. but I'm just guessing here. All other VPN Connections are good (3 others to various remote sites) Can anyone give me an idea on what's going on with the Smurf thing, and / or how to correct it or stop the events if they are false? SW Soho2 and Tele 3's FW 6.4.2.0 Your help is greatly appreciated. Thanks, Greg O'Strander, RCDD ILA + Zammit Engineering Ph. (858) 279-0242