SMURF amplifier block list
Alex P. Rudnev
alex at Relcom.EU.net
Sun Apr 12 11:59:30 UTC 1998
Hi.
May be, someone will maintain such lists? First, it allow to fix smurf
source by 'log' option in the CISCO list; second, it'll prefere some
attacks.
On Sat, 11 Apr 1998, Karl Denninger wrote:
> Date: Sat, 11 Apr 1998 15:25:33 -0500
> From: Karl Denninger <karl at mcs.net>
> To: nanog at merit.edu
> Subject: SMURF amplifier block list
>
>
> The following networks and masks are banned from our network at the core due
> to being smurf amplifiers.
>
> When the folks who own these STOP THIS, we'll take them off the list.
> Contact me by TELEPHONE if you want to discuss this matter or what a Smurf
> is and why you should care.
>
> I'm going to start posting the blacklist here weekly in the hopes that peer
> pressure will cause people to clean up their acts. Until you DO clean up
> your act, you're not transiting our network - period.
>
> We're not going to accept this kind of vandalism and attractive nuisance any
> more. If you haven't disabled directed broadcast forwarding, you are a
> potential listee on this blacklist.
>
> DO IT NOW, or risk connectivity blockades.
>
> I urge all other network providers to block any identified smurf amplifier
> that they can verify, and to post their list as well.
>
> Only through public pressure can people be forced to CORRECTLY configure
> their networks to make these attacks impossible to launch.
>
> access-list 2 deny 128.118.0.0 0.0.255.255
> access-list 2 deny 129.24.0.0 0.0.255.255
> access-list 2 deny 129.111.0.0 0.0.255.255
> access-list 2 deny 129.100.0.0 0.0.255.255
> access-list 2 deny 128.40.0.0 0.0.255.255
> access-list 2 deny 129.101.0.0 0.0.255.255
> access-list 2 deny 203.64.0.0 0.0.255.255
> access-list 2 deny 129.115.0.0 0.0.255.255
> access-list 2 deny 203.108.225.0 0.0.0.255
> access-list 2 deny 129.60.0.0 0.0.255.255
> access-list 2 deny 137.79.0.0 0.0.255.255
> access-list 2 deny 130.37.0.0 0.0.255.255
> access-list 2 deny 130.70.0.0 0.0.255.255
> access-list 2 deny 203.108.236.0 0.0.0.255
> access-list 2 deny 132.169.0.0 0.0.255.255
> access-list 2 deny 129.107.0.0 0.0.255.255
> access-list 2 deny 129.49.0.0 0.0.255.255
> access-list 2 deny 129.96.0.0 0.0.255.255
> access-list 2 deny 130.65.0.0 0.0.255.255
> access-list 2 deny 134.205.0.0 0.0.255.255
> access-list 2 deny 129.29.0.0 0.0.255.255
> access-list 2 deny 204.48.224.0 0.0.0.255
> access-list 2 deny 205.177.49.0 0.0.0.255
> access-list 2 deny 204.47.208.0 0.0.0.255
> access-list 2 deny 204.242.172.0 0.0.0.255
> access-list 2 deny 194.6.129.0 0.0.0.255
> access-list 2 deny 206.31.78.0 0.0.0.255
> access-list 2 deny 207.211.60.0 0.0.0.255
> access-list 2 deny 206.27.242.0 0.0.0.255
> access-list 2 deny 207.175.67.0 0.0.0.255
>
>
> I'm sure there are more, but these are the ones blacklisted in our
> network configuration right now.
>
> --
> --
> Karl Denninger (karl at MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
> http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV
> | NEW! Corporate ISDN Prices dropped by up to 50%!
> Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
> Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
More information about the NANOG
mailing list