Smurfable Networks
Richard Thomas
buglord at ex-pressnet.com
Thu Jul 23 06:58:57 UTC 1998
-----Original Message-----
From: Brian Horvitz <horvitz at shore.net>
To: Richard Thomas <buglord at ex-pressnet.com>
Cc: nanog at merit.edu <nanog at merit.edu>
Date: Wednesday, July 22, 1998 2:51 PM
Subject: Re: Smurfable Networks
>Actually, it turns out that a some of what I posted were only echo replies
>from single hosts. This was indeed a real smurf..at one point we were
>pulling about 50 Meg over 3 T3s. The error I made was in generating the
>list of amplifier networks from my log files. Networks with even one
>single echo reply to the target address were included in the list. Such
>was the case with the net 12 entries - each one corresponded only to one
>IP address, not a whole network worth.
I tried about 30 from the list and didn't get a single dupe, but anyhow,
check out SmurfLog v1.1 available at http://www.sy.net/security by yours
truly, a much better way to gather only the guilty without generating 2 gig
log files in the process.
More information about the NANOG
mailing list