smurf's attack...

Randy Bush writes...

> access-list XXX deny ip any 0.0.0.255 255.255.255.0

You must be kidding. Why not

access-list XXX deny ip any 0.0.0.42 255.255.255.0

I like...

access-list XXX deny ip any 0.0.0.1 255.255.255.254

...better.

If you are going to filter, you can just filter ICMP for now, that's the
major protocol used in the attack, that way you are only slightly
affecting those who might have a .255 address on one of their machines.

so
access-list xxx deny icmp any 0.0.0.255 255.255.255.0 and
access-list xxx deny icmp any 0.0.0.0 255.255.255.0 are pretty safe ones.

Oh yes, if you didn't notice already they are using the .0 network
address, and from what I've seen the number of attacks launched using .0
as compared to .255 has been steadily rising.

And while turning off ip directed broadcast will mostly take care of this
issue, it's only a complete solution if your customers also do it, so
filtering is still a good idea IMHO.
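
The wildcard-mask semantics behind the access-list lines in this thread, as an added example that is not part of the original post: it evaluates each destination/wildcard pair quoted above against constructed sample addresses and reports whether each address is really a broadcast, network or host address in its subnet. The 10.x addresses, subnet sizes and entry labels are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(dst, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means "don't care"."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    d = int(ipaddress.IPv4Address(dst))
    b = int(ipaddress.IPv4Address(base))
    return (d & care) == (b & care)

# Destination / wildcard pairs taken from the access-list lines in the thread.
# The labels are descriptive names chosen for this example.
ACL_DESTS = {
    "ends in .255": ("0.0.0.255", "255.255.255.0"),
    "ends in .0": ("0.0.0.0", "255.255.255.0"),
    "ends in .42": ("0.0.0.42", "255.255.255.0"),
    "odd address": ("0.0.0.1", "255.255.255.254"),
}

def matched_entries(dst):
    """Return the labels of every entry whose destination spec matches dst."""
    return [name for name, (base, wc) in ACL_DESTS.items()
            if wildcard_match(dst, base, wc)]

def classify(dst, network):
    """Return (role of dst inside its subnet, entries that would match it)."""
    net = ipaddress.IPv4Network(network)
    addr = ipaddress.IPv4Address(dst)
    if addr == net.broadcast_address:
        role = "broadcast"
    elif addr == net.network_address:
        role = "network"
    else:
        role = "host"
    return role, matched_entries(dst)

# Constructed samples: (destination, subnet it belongs to).
SAMPLES = [
    ("10.1.2.255", "10.1.2.0/24"),   # /24 broadcast
    ("10.1.2.0", "10.1.2.0/24"),     # /24 network address
    ("10.1.4.255", "10.1.4.0/23"),   # ordinary host inside a /23
    ("10.1.6.63", "10.1.6.0/26"),    # /26 broadcast, does not end in .255
    ("10.1.6.64", "10.1.6.64/26"),   # /26 network address, does not end in .0
]

if __name__ == "__main__":
    for dst, network in SAMPLES:
        role, hits = classify(dst, network)
        print(f"{dst:<12} {network:<14} {role:<10} {', '.join(hits) or 'no match'}")
```

The .255 and .0 entries line up with broadcast and network addresses only where subnets are /24: the /23 sample shows a legitimate host being matched, and the /26 samples show a broadcast and a network address that neither entry matches.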