SMURF amplifier block list
Jason Lixfeld
jlixfeld at idirect.ca
Fri Apr 24 02:54:59 UTC 1998
Whew. I actually did the right thing when I put up my filter and did the
network addresses as well.
Yippie!! I was proactive!
=)
On Mon, 20 Apr 1998, Brandon Ross wrote:
:On Sun, 19 Apr 1998, Jeremiah Kristal wrote:
:
:> On Sat, 18 Apr 1998, Alex P. Rudnev wrote:
:>
:> I know that this week there was a smurf attack that was tracked to the
:> source. I'm not sure what will happen to him. Hopefully someone from the
:> NOC that caught him will let us know.
:
:That was us, and we do plan on prosecuting. We're in the process of
:collecting information now.
:
:Something that happened during this attack should be a great concern to
:all of us. In addition to the usual broadcast addresses being used as
:amplifiers for this smurf attack, the attacker also used network
:addresses. It seems that many stacks and routers will respond to a
:packet with a network address in the same way as a broadcast address.
:
:Luckily Cisco's "no ip directed-broadcast" already took that into account
:and blocks those packets, however, if you don't have a Cisco and are
:having to configure manual filters to avoid being an amplifier site, you
:_must_ filter out network addresses as well as broadcast addresses.
:
:Please, spread the word.
:
:P.S. I'd like to publicly thank Icon, Digex, and BBN as well as the EPA
:(yes folks, the Environmental Protection Agency, they were being used as
:an amplifier in this attack) for their help in tracing this attack to the
:source.
:
:Brandon Ross Network Engineering 404-815-0770 800-719-4664
:Director, Network Engineering, MindSpring Ent., Inc. info at mindspring.com
:Mosher's Law of Software Engineering: Don't worry if it doesn't work
:right. If everything did, you'd be out of a job.
:
:
--
Regards,
Jason A. Lixfeld jlixfeld at idirect.ca
iDirect Network Operations jlixfeld at torontointernetxchange.net
---------------------------------------------------------------------
TUCOWS Interactive Ltd. o/a | "A Different Kind of Internet Company"
Internet Direct Canada Inc. | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West | http://www.torontointernetxchange.net
Suite 301, Toronto Ontario | (416) 236-5806 (T)
M9B-1B5 CANADA | (416) 236-5804 (F)
---------------------------------------------------------------------
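
An added example, not part of the original messages: a small audit that checks a manually maintained deny list for the gap described in the thread, where the broadcast address of a subnet is filtered but its network address is not. The subnets and deny entries are constructed sample data from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

def amplifier_targets(prefix):
    """Addresses on a subnet that stacks may answer like a broadcast:
    the network (all-zeros host) and directed-broadcast (all-ones host) address."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 4:
        raise ValueError("directed broadcast is an IPv4 concept")
    if net.prefixlen >= 31:
        # /31 point-to-point links and /32 host routes have no broadcast address
        return set()
    return {net.network_address, net.broadcast_address}

def audit_filter(subnets, denied):
    """Return {subnet: [addresses the deny list fails to cover]}.
    Entries in `denied` may be single hosts or whole prefixes."""
    denied_nets = [ipaddress.ip_network(d) for d in denied]  # bare hosts parse as /32
    gaps = {}
    for prefix in subnets:
        missing = sorted(
            addr for addr in amplifier_targets(prefix)
            if not any(addr in d for d in denied_nets)
        )
        if missing:
            gaps[prefix] = [str(a) for a in missing]
    return gaps

# Constructed sample data: subnets as actually masked on the LAN side.
SUBNETS = [
    "192.0.2.0/25",
    "192.0.2.128/26",
    "198.51.100.0/24",
    "203.0.113.4/30",
    "203.0.113.8/31",
]

# Constructed deny list: two subnets only have their broadcast address listed.
DENIED = [
    "192.0.2.127",                     # broadcast of the /25 (network .0 missing)
    "192.0.2.128", "192.0.2.191",      # network and broadcast of the /26
    "198.51.100.255",                  # broadcast of the /24 (network .0 missing)
    "203.0.113.4", "203.0.113.7",      # network and broadcast of the /30
]

if __name__ == "__main__":
    for subnet, missing in audit_filter(SUBNETS, DENIED).items():
        print(f"{subnet}: not filtered -> {', '.join(missing)}")
```

The addresses to filter follow the mask actually configured on each segment, so the list has to be regenerated whenever a block is re-subnetted.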