smurf's attack...

David Papp david at oanet.com
Fri Sep 5 15:43:46 UTC 1997


What are the implications of turning off "ip directed broadcasts" on our 
routers? Or is this something that all backbone providers or ISPs 
automatically do (kind of like "ip classless" and "ip subnet-zero")?

Thx...David

* David Papp       |  4907-99 Street   | Phone: +1.403.430.0811 *
* Manager          | Edmonton, Alberta |   Fax: +1.403.436.9963 *
* OA Internet Inc. |  Canada, T6E 4Y1  | Email: david at oanet.com *

On Fri, 5 Sep 1997, Network Administrator wrote:
> The following network numbers were pulled from a program called "smurf".
> The program sends a large amount of spoofed traffic at broadcast addresses, 
> hoping their echo packets will be magnified and sent to the spoofed address.  
> The providers/machines most commonly hit are IRC servers and providers.
> To keep from being an intermediary, one must turn off "ip directed
> broadcasts" on the router's interface.
> 
> 
> 
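
An added example, not part of either poster's message: one way to audit a router configuration for the setting discussed above, listing each interface that would still forward directed broadcasts and the subnet broadcast address it would answer for. It assumes IOS-style `ip directed-broadcast` / `no ip directed-broadcast` interface lines; the sample configuration is constructed, and `audit_directed_broadcast` and `default_enabled` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample config using documentation address ranges (not from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.128
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip directed-broadcast
!
interface Loopback0
 no ip address
!
"""

# One match per interface stanza: (name, body up to the next stanza).
STANZA = re.compile(r"(?ms)^interface\s+(\S+)\n(.*?)(?=^interface\s|\Z)")

def audit_directed_broadcast(config, default_enabled=True):
    """Return [(interface, broadcast_address)] for interfaces that would
    forward directed broadcasts.

    default_enabled is an assumption about the software release: True models
    a router where the feature is on unless explicitly negated, False one
    where it is off unless explicitly configured.
    """
    findings = []
    for name, body in STANZA.findall(config):
        addr = re.search(r"(?m)^\s+ip address (\S+) (\S+)\s*$", body)
        if not addr:
            continue  # no IP subnet on this interface, nothing to amplify
        if re.search(r"(?m)^\s+no ip directed-broadcast\b", body):
            enabled = False
        elif re.search(r"(?m)^\s+ip directed-broadcast\b", body):
            enabled = True
        else:
            enabled = default_enabled  # setting absent: fall back to default
        if enabled:
            net = ipaddress.ip_network(f"{addr.group(1)}/{addr.group(2)}",
                                       strict=False)
            findings.append((name, str(net.broadcast_address)))
    return findings
```

An interface with no explicit line is reported only when `default_enabled` is true, so the audit has to be run with the default that matches the router's software.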


