Tool for automatically educating smurf amplifiers ...
Doug McLaren
dougmc at feeding.frenzy.com
Mon Jul 6 18:04:37 UTC 1998
Lately one of our machines has been the target of several smurf
attacks (no idea why, probably some user kicked off an IRCer from
their channel or something equally silly) and so I set out to email
each of the sites used as smurf amplifiers ...
I couldn't find any sort of tool to do this for me, so I wrote one.
It's certainly still needs some work, but I think it'll be useful in
it's current condition to anybody else who's tried to do this.
If we can notify the smurf amplifiers that they're being abused and
let them know what they need to do to fix it, maybe we can make smurf
attacks a thing of the past (or at least less effective, as the
smurfers will have to look harder to find good amplifiers.)
In any event, you can get my program at :
http://www.frenzy.com/~dougmc/smurf-complain.pl
There's lots of room for improvements, so if you have some changes, by
all means send them to me.
It uses `ipw' to get contact information. If you don't have `ipw',
get it from :
http://www.e-scrub.com/ipw
Also, while you may wish to use `tcpdump' or look at your router's
logs to see where the ICMP echo reply packets were coming from, I was
using icmpinfo, which you can get from :
http://hplyot.obspm.fr/~dl/icmpinfo.html
So far, after running the program once and sending out about 50
emails, I've gotten about 17 bounces and about 15 emails saying
they'll fix or have fixed their routers, and two or three emails
asking for details or a more clear explanation ... fairly promising.
--
Doug McLaren, dougmc at frenzy.com
Unsolicited email of a commercial or advertising nature is not welcomed.
More information about the NANOG
mailing list