Re: (PM) SMURF Filter

Doug Ingraham (dpi@rapidnet.com)
Sun, 14 Jun 1998 14:08:06 -0600 (MDT)

On Sun, 14 Jun 1998, Bernard Becker wrote:

> I'm currently being smurfed to death.
> Attack is using one of my downstream customer's networks as the amplifier.
> The attack is using 70% of my bandwidth.
> The customer has an IRX112 which is billed as a "FireWall Router"
>
> Livingston Tech support has refused to help.
> They will not help with writing filters for customers or provide examples
> for "Legal Reasons"
> A call to my sales rep has also not resulted in any action.
>
> I need an example of a filter that will stop someone outside their network
> from pinging the broadcast address.
>
> Is there a decent primer on Livingston Filters with examples and comments?
>
> The one on the web site stinks.
>
> The other option is to pull the expensive "FireWall Router" and replace
> with a simple Cisco 2501 and put in the no ip-directed broadcasts command,
> and go to bed.
>
> Comments, criticisms and suggestions welcome.

add filter smurf.in
set filter smurf.in 1 deny 0.0.0.0/0 XXX.YYY.ZZZ.255/32
set filter smurf.in 2 permit

set ether? ifilter smurf.in

save all

Substitute the real class C address for the address and apply the filter
to the ethernet interface that is the source of the trouble.

Line 1 matches any source address and only the broadcast address of the
destination network.

Doug Ingraham The best defense against logic is ignorance.
Rapid City, SD
USA
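
Added example, not part of the original message and not Livingston code: the filter above covers one class C, whose broadcast address ends in .255. This sketch generalizes it to subnets of any prefix length by computing each broadcast address, emitting rules in the syntax shown in the post, and checking a destination against them. The function names, the sample subnets (documentation ranges) and the first-match evaluation model are assumptions.

```python
import ipaddress

# Constructed sample: customer subnets behind the router (documentation ranges).
SAMPLE_SUBNETS = ["192.0.2.0/24", "198.51.100.64/26", "203.0.113.8/30"]


def smurf_filter(name, subnets):
    """Return filter lines that deny traffic to each subnet's broadcast address.

    Rule syntax is copied from the post:
        set filter NAME N deny SRC/BITS DST/BITS
    """
    lines = [f"add filter {name}"]
    n = 0
    for cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        if net.prefixlen >= 31:
            continue  # /31 and /32 have no directed-broadcast address
        n += 1
        lines.append(
            f"set filter {name} {n} deny 0.0.0.0/0 {net.broadcast_address}/32"
        )
    lines.append(f"set filter {name} {n + 1} permit")  # final catch-all, as in the post
    return lines


def first_match(lines, dst):
    """Model rule evaluation for the two rule forms generated above.

    Assumption: rules are checked in order and the first match decides.
    """
    dst = ipaddress.ip_address(dst)
    for line in lines:
        parts = line.split()
        if parts[:2] != ["set", "filter"]:
            continue
        action = parts[4]
        if action == "permit" and len(parts) == 5:
            return "permit"
        if action == "deny" and dst in ipaddress.ip_network(parts[6]):
            return "deny"
    return "deny"  # assumed default; never reached while the last rule is a bare permit


if __name__ == "__main__":
    rules = smurf_filter("smurf.in", SAMPLE_SUBNETS)
    print("\n".join(rules))
    for dst in ("192.0.2.255", "198.51.100.127", "198.51.100.255", "192.0.2.10"):
        print(dst, first_match(rules, dst))
```

For the /26 in the sample, the address to block is 198.51.100.127, not 198.51.100.255, which is why a fixed .255 rule only fits an unsubnetted class C.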
