SMURF amplifier block list
Alex P. Rudnev
alex at Relcom.EU.net
Sat Apr 18 18:44:56 UTC 1998
> What about people who didn't subnet their class B on the eight bit
> boundry, but made larger subnets instead? What about the class B that
> doesn't appear to be subnetted at all? What about supernetted class C
> networks? A trailing .255 can be a valid host.
And what's worng? If they di nit subnet their B network, the tail of
address should be .255 too.
If someone have particular .255 host - OK, you should not be able to ping
it, not more. The small fee for the free-of-smurfing-from-your-network.
> > Why don't use the filter
> >
> > deny icmp any 0.0.0.255 255.255.255.0 echo-request
Just now, USA's ISP seems to be absolutely helpless facing SMURF. A lot
of networks do not block aroadcast echo-request's; no one even know how
to trace thos 'echo-request' packets by their network... may be I am
wrong, and it's because there is _a lot of ISP_ there, and even a few af
them who do not know how to fight against SMURF compose a good backet - I
do not know.
Really; does anyone know any sucsessfull attempts to search for the
smurfer? What penalty was provided for this hackers? Does exist some
legitimate way to establish a lawsuite against them (when they'll be
located - last is the only matter of qualification for their nearest ISP,
not more).
More information about the NANOG
mailing list