SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
NOC
NOC at mercury.balink.com
Thu Apr 30 19:44:58 UTC 1998
Erik,
The script I wrote isn't really that smart... It just looks for two IP's
within the same /24 that were sending some kind of ICMP packet to the
victim machine. Since NetFlow logs don't break ICMP down to the type
and codes, I had to unilaterally make that decision. If your network is
clean, I sincerely apologize for any embarrassment or hassle this may
have caused, and I will remove it from the list.
Regards,
Christian
>-----Original Message-----
>From: Erik Muller [SMTP:nc0773 at corp.netcom.com]
>Sent: Thursday, April 30, 1998 12:14 PM
>To: Martin, Christian
>Subject: Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
>
>
>> 163.179.230.0
>
>This one's mine... the entire /24 is broken down as /30s, and .255 will
>respond with nothing more sinister than an ICMP unreachable. Any details
>on what results you saw that pointed to this network as an offender would
>be appreciated (since I can't see any danger from it).
>
>----------------------------------------------------------------------------
>Erik Muller, Network Engineer emuller at noc.netcom.net
>NETCOM Network Services Support NETCOM On-Line Communication Services
>
>
>On Wed, 29 Apr 1998, Martin, Christian wrote:
>
>> All,
>>
>> Here is my contribution to the block list. The script that generated
>> this will follow. It is 'public domain', in that it can be modified,
>> BUT, please give credit where credit is due!
>>
More information about the NANOG
mailing list