smurf's attack...
Jon Lewis
jlewis at inorganic5.fdt.net
Sat Sep 6 19:14:58 UTC 1997
On Fri, 5 Sep 1997, Network Administrator wrote:

> The following network numbers were pulled from a program called "smurf".

As I feared would happen, there seem to be multiple versions of smurf out
with different amplifier network lists. FDT was smurfed for about an hour
last night, and of the list of broadcast addresses posted very few were used
in last night's attack...and a large number of the nets used were not in the
posted list.

Some of the more heavily populated (and thus nastier) amplification nets
used last night follow.

If you're on this list, PLEASE FIX YOUR ROUTERS. If you're using Ciscos,
it's probably as simple as adding "no ip directed-broadcast" to the
ethernet interfaces on your routers.

Also, what's the deal with Internic allowing registrations with things
like nomailbox at NOWHERE? That's an incredibly useful contact. If Kent
Percival is in charge of a university's network, surely he has an email
address. Maybe it's time for a smurf amplifier blackhole list. If you're
used as a smurf amplifier, you get BGP blackholed for say 6 hours, and on
each subsequent occurrence, the time doubles. I bet that would fix the
problem real fast.

[85 hosts responding]
SURAnet (NET-MAE-EAST)
8400 Baltimore Boulevard
College Park, MD 20740
Netname: MAE-EAST
Netnumber: 192.41.177.0
Coordinator:
SURAnet (SURA-NOC) noc at sura.net hostmaster at sura.net
(301) 982-3214

[24 hosts responding]
CNet (NETBLK-NETBLK-CNET)
150 Chestnut Street
San Francisco, CA 94111
US
Netname: NETBLK-CNET
Netblock: 204.162.80.0 - 204.162.87.0
Maintainer: RGN
Coordinator:
Emery, Ken (KE53) ken at CNET.COM
(415) 395-7805 x569

[32 hosts responding]
Internet Communications of America (NETBLK-UU-208-202-14)
1020 N.W. 163rd Drive
Miami, FL 33169
US
Netname: UU-208-202-14
Netblock: 208.202.14.0 - 208.202.15.255
Coordinator:
Neptune, Mark (MN182) postmaster at ICANET.NET
305-621-9200

[21 hosts responding]
LI Net Inc. (NET-LI-NET)
45 Manor Rd.
Smithtown, NY 11787
US
Netname: LI-NET
Netnumber: 199.171.6.0
Maintainer: LI
Coordinator:
Reilly, Michael (MR113) mpr at LI.NET
516-265-0997
Alternate Contact:
Harris, Jon (JH201) jon at LI.NET
516-265-0997

[29 hosts responding]
University of Guelph (NET-UOGUELPH)
Guelph, Ontario, N1G 2W1
CANADA
Netname: UOGUELPH
Netnumber: 131.104.0.0
Coordinator:
Percival, Kent (KP50) nomailbox at NOWHERE
+1 (519) 824-4120 ext. 6397
------------------------------------------------------------------
Jon Lewis <jlewis at fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
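
An added example, not part of the original post: a Python check that reads a Cisco-style configuration and lists the active, addressed interfaces that would still forward directed broadcasts, the setting the post asks operators to turn off. The sample configuration, the function name and the `default_enabled` parameter are constructed for illustration; treating the feature as on unless "no ip directed-broadcast" is present is an assumption that fits the post's advice to add the command.

```python
import re

# Constructed sample configuration (not from the post); interface names and
# documentation-range addresses are illustrative only.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
!
interface Ethernet2
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast
!
interface Serial0
 no ip address
 shutdown
!
"""

def audit_directed_broadcast(config, default_enabled=True):
    """Return interfaces that would forward directed broadcasts.

    default_enabled is an assumption about the software release: True means
    the feature is on unless "no ip directed-broadcast" is configured.
    """
    state = {}      # interface name -> settings seen in its block
    current = None  # interface block being parsed, if any
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            state[current] = {"db": default_enabled, "has_ip": False, "shut": False}
        elif current and line.startswith(" "):
            cmd = line.strip()
            if cmd == "no ip directed-broadcast":
                state[current]["db"] = False
            elif cmd.startswith("ip directed-broadcast"):
                state[current]["db"] = True
            elif cmd.startswith("ip address "):
                state[current]["has_ip"] = True
            elif cmd == "shutdown":
                state[current]["shut"] = True
        else:
            current = None  # "!" or a global command ends the interface block
    # Only interfaces that are up and addressed can act as amplifiers.
    return [n for n, s in state.items() if s["db"] and s["has_ip"] and not s["shut"]]
```

Each name returned is an interface where "no ip directed-broadcast" still needs to be added.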