SMURF amplifier block list
Alex P. Rudnev
alex at Relcom.EU.net
Mon Apr 20 11:21:20 UTC 1998
I do not know. I think it's urgent nessecaty to create some method to
back-trace any SRC address, realised (at least) by CISCO, because it's
clean we are not ready (we - hw. vendors, CEF is too new and unchecked
futore and do not work at middle-class routers and access-servers where
it's place for the SRC filtering) to make strict src-filtering at the
customer-links level.
On Sun, 19 Apr 1998 jlixfeld at idirect.ca wrote:
> Date: Sun, 19 Apr 1998 18:48:32 -0400 (EDT)
> From: jlixfeld at idirect.ca
> To: "Alex P. Rudnev" <alex at Relcom.EU.net>
> Cc: Dan Boehlke <dboehlke at mr.net>, Dean Anderson <dean at av8.com>,
> nanog at merit.edu
> Subject: Re: SMURF amplifier block list
>
> Cisco has a method of tracing SMuRF, do they not? Anyone know how they do
> it?! Is it some imbedded thing, or do they call the owners of each
> network and pray that they have Ciscos?
>
> On Sat, 18 Apr 1998, Alex P. Rudnev wrote:
>
> :> What about people who didn't subnet their class B on the eight bit
> :> boundry, but made larger subnets instead? What about the class B that
> :> doesn't appear to be subnetted at all? What about supernetted class C
> :> networks? A trailing .255 can be a valid host.
> :And what's worng? If they di nit subnet their B network, the tail of
> :address should be .255 too.
> :
> :If someone have particular .255 host - OK, you should not be able to ping
> :it, not more. The small fee for the free-of-smurfing-from-your-network.
> :
> :> > Why don't use the filter
> :> >
> :> > deny icmp any 0.0.0.255 255.255.255.0 echo-request
> :Just now, USA's ISP seems to be absolutely helpless facing SMURF. A lot
> :of networks do not block aroadcast echo-request's; no one even know how
> :to trace thos 'echo-request' packets by their network... may be I am
> :wrong, and it's because there is _a lot of ISP_ there, and even a few af
> :them who do not know how to fight against SMURF compose a good backet - I
> :do not know.
> :
> :Really; does anyone know any sucsessfull attempts to search for the
> :smurfer? What penalty was provided for this hackers? Does exist some
> :legitimate way to establish a lawsuite against them (when they'll be
> :located - last is the only matter of qualification for their nearest ISP,
> :not more).
> :
> :
>
> --
> Regards,
>
> Jason A. Lixfeld jlixfeld at idirect.ca
> iDirect Network Operations jlixfeld at torontointernetxchange.net
>
> ---------------------------------------------------------------------
> TUCOWS Interactive Ltd. o/a | "A Different Kind of Internet Company"
> Internet Direct Canada Inc. | "FREE BANDWIDTH for Toronto Area IAPs"
> 5415 Dundas Street West | http://www.torontointernetxchange.net
> Suite 301, Toronto Ontario | (416) 236-5806 (T)
> M9B-1B5 CANADA | (416) 236-5804 (F)
> ---------------------------------------------------------------------
>
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
More information about the NANOG
mailing list