We have a major SMURF Denial of Service attack on us at present apparently
directed through us against one of our leased line clients who has an 8
address subnet.
The border router is a DEC Brouter as is the internal "post box" router
and the router on our end of the leased line is Cisco. All three have the
'no ip directed-broadcast' line against all interfaces.
The client has sent us a massive dump from his firewall which seems to
indicate that the pings are originating in our server (not router) as
certainly the address they show is the address of our server.
Of course the Alpha is a router by definition (and rc.config) and we run
gated. The op sys is 4.0G patch 1.
Can the SMURF use the Alpha as an amplifier and, if so, how can we stop
it please?
stuart mckenzie
Received on Wed Jan 10 2001 - 12:04:19 NZDT