Smurfable Networks

• Previous message (by thread): Smurfable Networks
• Next message (by thread): roamabout/wavelan and macs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Original Message-----
From: Brian Horvitz <horvitz at shore.net>
To: Richard Thomas <buglord at ex-pressnet.com>
Cc: nanog at merit.edu <nanog at merit.edu>
Date: Wednesday, July 22, 1998 2:51 PM
Subject: Re: Smurfable Networks


>Actually, it turns out that a some of what I posted were only echo replies
>from single hosts.  This was indeed a real smurf..at one point we were
>pulling about 50 Meg over 3 T3s.  The error I made was in generating the
>list of amplifier networks from my log files.  Networks with even one
>single echo reply to the target address were included in the list.  Such
>was the case with the net 12 entries - each one corresponded only to one
>IP address, not a whole network worth.

I tried about 30 from the list and didn't get a single dupe, but anyhow,
check out SmurfLog v1.1 available at http://www.sy.net/security by yours
truly, a much better way to gather only the guilty without generating 2 gig
log files in the process.

• Previous message (by thread): Smurfable Networks
• Next message (by thread): roamabout/wavelan and macs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]