smurf's attack...

• Previous message (by thread): smurf's attack...
• Next message (by thread): Annoying Ascend GRF thread
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 5 Sep 1997, Network Administrator wrote:

> The following network numbers were pulled from a program called "smurf".

As I feared would happen, there seem to be multiple versions of smurf out
with different amplifier network lists.  FDT was smurfed for about an hour
last night, and of the list of broadcast addresses posted very few were used
in last night's attack...and a large number of the nets used were not in the
posted list.

Some of the more heavily populated (and thus nastier) amplification nets
used last night follow.

If you're on this list, PLEASE FIX YOUR ROUTERS.  If you're using Cisco's,
its probably as simple as adding "no ip directed-broadcast" to the
ethernet interfaces on your routers.

Also, what's the deal with Internic allowing registrations with things
like nomailbox at NOWHERE?  That's an incredibly useful contact.  If Kent
Percival is in charge of a university's network, surely he has an email
address.  Maybe it's time for a smurf amplifier blackhole list.  If you're
used as a smurf amplifier, you get BGP blackholed for say 6 hours, and on
each subsequent occurance, the time doubles.  I bet that would fix the
problem real fast. 

[85 hosts responding]
SURAnet (NET-MAE-EAST)
   8400 Baltimore Boulevard
   College Park, MD  20740

   Netname: MAE-EAST
   Netnumber: 192.41.177.0

   Coordinator:
      SURAnet  (SURA-NOC)  noc at sura.net   hostmaster at sura.net
      (301) 982-3214

[24 hosts responding]
CNet (NETBLK-NETBLK-CNET)
   150 Chestnut Street
   San Francisco, CA 94111
   US

   Netname: NETBLK-CNET
   Netblock: 204.162.80.0 - 204.162.87.0
   Maintainer: RGN

   Coordinator:
      Emery, Ken  (KE53)  ken at CNET.COM
      (415) 395-7805 x569

[32 hosts responding]
Internet Communications of America (NETBLK-UU-208-202-14)
   1020 N.W. 163rd Drive
   Miami, FL 33169
   US

   Netname: UU-208-202-14
   Netblock: 208.202.14.0 - 208.202.15.255

   Coordinator:
      Neptune, Mark  (MN182)  postmaster at ICANET.NET
      305-621-9200


[21 hosts responding]
LI Net Inc. (NET-LI-NET)
   45 Manor Rd.
   Smithtown, NY 11787
   US

   Netname: LI-NET
   Netnumber: 199.171.6.0
   Maintainer: LI

   Coordinator:
      Reilly, Michael  (MR113)  mpr at LI.NET
      516-265-0997
   Alternate Contact:
      Harris, Jon  (JH201)  jon at LI.NET
      516-265-0997

[29 hosts responding]
University of Guelph (NET-UOGUELPH)
   Guelph, Ontario, N1G 2W1
   CANADA

   Netname: UOGUELPH
   Netnumber: 131.104.0.0

   Coordinator:
      Percival, Kent  (KP50)  nomailbox at NOWHERE
      +1 (519) 824-4120 ext. 6397

------------------------------------------------------------------
 Jon Lewis <jlewis at fdt.net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

• Previous message (by thread): smurf's attack...
• Next message (by thread): Annoying Ascend GRF thread
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]