Technology by Jacob Dybala

I have been getting "IP subnet broadcast amplification" errors in the security log of my Netopia 3364N ADSL modem. Searching for any information on Google turned out being a waste of time (the only post I found was on Experts Exchange [http://www.experts-exchange.com/Security/Q_21756799.html ] and the solution was… buying a Cisco modem which is not a fix to the original problem).

Calling AT&T and speaking with DSL support (on an unrelated problem, but I figured I can ask anyway), then with Advanced Internet Services support did not help either. In both cases I was told that they did not know what that security log error meant. I understand that AT&T cannot support every modem on the market but… it was them that supplied me with this model! So I contacted Netopia support and after a few minutes on the online chat I simply gave up.

What was so hard to find turned out being so easy to understand. The "IP Subnet Broadcast Amplification" was nothing more than an attempted smurf attack . The idea behind such an attack is simple: the attacker sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses using the spoofed source address of the intended victim. The result of such an attack can be devastating as hosts on the pinged network will respond with ICMP traffic directed at the spoofed address. In some cases this may result in hundreds of hosts responding. Most modern network equipment is protected against DoS services attacks such as smurfing and other types as well.

To sum things up: the solutions found online and "help" received from ATT and Netopia were of no help at all. Purchasing a replacement "simply because" is not a solution to any problem but once again, research helped solve a problem, which in the end turned out not being a problem any way.