> [...new(?) smurf-style DoS attack...]

> Prevention
> [...]
> The Internet Service Providers (ISPs) must take action to drop long
> ICMP packets in the backbone networks (any packet longer than 1499
> bytes, at least).

This strikes me as a very bad idea. It's rather like saying, NFS can be used to attack insecure machines, so let's block NFS packets on long-haul links: yes, it's true that such attacks are possible, but the facility is useful and the *correct* thing to do is to secure the insecure machines, not break the (useful) underlying facility for everyone else. (Rather like the SSRR and LSRR IP options, though I realize *that* fight was in practice lost long ago.)

der Mouse

mouseat_private
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:25:11 PDT