Network Operators and smurf

D'Arcy J.M. Cain darcy at
Mon Apr 27 03:34:46 UTC 1998

Thus spake Karl Denninger
> I will remove those blocks when I can PROVE that they can no longer be used
> as a smurf amplifier.  To date, NOBODY on the list has come forward and said
> "we've audited and fixed, please remove the block".

I have got one site to fix their routers.  It's the DISA Information Systems
Center on netblock  I explained the situation and gave them
a few pointers.  A few days laterthey had fixed it and they no longer
act as an amplifier.  Very satisfying.

Another one,, bounced my email but they seem to have fixed
their routers anyway.  Perhaps someone local called them up and harrassed
them about it.  

> PSU (which is on the list) said "we're looking into it" but that was more
> than two weeks ago! How long does it take to telnet into your routers and
> check the ethernet interfaces for the correct configuration?  A day or so?
> Perhaps, even if you have a HUGE netwokr.

Perhaps when pointing at problem networks, just mention the netblock.
That way we can compare it with our own lists.

Here's one that seems particularly troublesome and I know it is in your
list as well.

---- PING Statistics----
2 packets transmitted, 2 packets received, +110 duplicates, 0% packet loss
In Karl's list
descr:       University of Texas at San Antonio
descr:       7000 NW Loop 1604
descr:       San Antonio
descr:       TX 78285, USA
origin:      AS3354
comm-list:   COMM_NSFNET
advisory:    AS690 1:1800 2:1239
mnt-by:      MAINT-AS3354
changed:     selina at 951010
source:      RADB

University of Texas at San Antonio (UTSA-DOM)
   Computing Resources  
   7000 NW Loop 1604
   San Antonio, TX 78285
   Domain Name: UTSA.EDU
   Administrative Contact:
      Massey, John  (JM828)  CRJWM at UTSA86.UTSA.EDU
      (512) 691-4555 
   Technical Contact, Zone Contact:
      Dominguez, Joaquin  (JD386)  3CRJXD at UTSA86.UTSA.EDU
      (512) 691-4555

   Record last updated on 09-Sep-93.
   Record created on 14-Dec-90.
   Database last updated on 15-Apr-98 03:43:36 EDT.

   Domain servers in listed order:


Looks to me like they have been running on autopilot for 5 years.  I
sent email to the contact addresses and, since I had doubts that they
were valid addresses, I copied root and hostmaster.  Root and hostmaster
bounced and the others seem to have been completely ignored.  Perhaps
someone closer to them can poke around and see what the situation is.

This is great because each success has a significant overall effect.

D'Arcy J.M. Cain <[email protected]{druid|vex}.net>   |  Democracy is three wolves                |  and a sheep voting on
+1 416 424 2871     (DoD#0082)    (eNTP)   |  what's for dinner.

More information about the NANOG mailing list