more directed broadcast attacks

Kelly J. Cooper kcooper at bbnplanet.com
Sat Mar 28 00:21:15 UTC 1998


Something on the order of 100 networks all tried to send as many echo
response packets as possible down a little 56Kb pipe on my network
today (from ~19:00 - 21:00 GMT today, 27 March 1998) and I couldn't 
reach a single network-owning site to get it shut down because ALL of 
the networks abused were in the Asian Pacific area, where it was NOT 
business hours.  So the individual numbers listed with the various 
NICs were useless & the main numbers were rather difficult to find 
and/or parse from the POV of another country.

Needless to say, I did not have any fun today.

And, although it is very tempting to just post the list of networks 
that were abused I decided not to (instead, I contacted our peers who 
are upstream of the various networks and asked them to educate their
downstreams because we've noticed an increase in attacks every time
someone posts a list of vulnerable networks to NANOG).

But I would like to forward this subset of the networks I pulled out 
of my accounting data during the attack and post them here as MY VOTE 
on why using RFC 1918 nets on an exterior net can be a Bad Idea:

 10.15.1.254 
 10.21.1.11  
 10.21.1.90  
 10.21.1.191 
 10.21.1.193 
 10.21.1.195 
 10.21.1.196 
 10.21.1.197 
 10.21.1.199 
 10.21.1.200 
 10.21.1.201 
 10.21.1.202 
 10.21.1.203 
 10.21.1.205 
 10.21.1.206 
 10.21.1.207 
 10.21.1.208 
 10.21.1.209 
 10.21.2.53  
 10.21.2.100 
 127.0.0.2   
 172.16.31.3 
 172.16.31.10
 172.16.31.11
 172.16.31.249
 172.16.71.11 
 172.16.71.12 
 172.16.71.180
 192.168.1.1  

Regards,
Kelly J.

-- 
Kelly J. Cooper     -     Internet Security Officer
GTE Internetworking - Powered by BBN - 800-632-7638 
150 Cambridge Park Drive         Fax - 617-873-5508
Cambridge, MA  02140             http://www.bbn.com
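
An added example, not part of the original post: one way to separate the sources in accounting data that have no registered owner to contact (RFC 1918 and loopback space) from routable ones, totalling packets per /24. The record layout (source, destination, packets, bytes), the destination, the routable source and all counts are constructed for illustration; the private and loopback sources are taken from the list above.

```python
import ipaddress
from collections import defaultdict

# Ranges with no registered owner to contact: RFC 1918 private space and loopback.
UNTRACEABLE = {
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
}

# Constructed sample records: source, destination, packets, bytes.
SAMPLE = """\
10.21.1.11     198.51.100.7   4210  353640
10.21.1.90     198.51.100.7   3988  334992
172.16.31.3    198.51.100.7   1502  126168
127.0.0.2      198.51.100.7     12    1008
192.168.1.1    198.51.100.7    640   53760
203.0.113.25   198.51.100.7   5120  430080
not-an-address 198.51.100.7      1      84
"""

def classify(addr):
    """Label an IPv4 source as rfc1918, loopback or routable."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    for label, nets in UNTRACEABLE.items():
        if any(ip in net for net in nets):
            return label
    return "routable"

def summarize(text):
    """Return ({label: {/24 prefix: packets}}, [lines that could not be parsed])."""
    totals = defaultdict(lambda: defaultdict(int))
    skipped = []
    for line in text.splitlines():
        fields = line.split()
        try:
            src, packets = fields[0], int(fields[2])
            label = classify(src)
        except (IndexError, ValueError):
            skipped.append(line)  # keep malformed records visible, do not drop silently
            continue
        prefix = ipaddress.ip_network(f"{src}/24", strict=False)
        totals[label][str(prefix)] += packets
    return totals, skipped

if __name__ == "__main__":
    totals, skipped = summarize(SAMPLE)
    for label, prefixes in totals.items():
        for prefix, packets in sorted(prefixes.items()):
            print(f"{label:9} {prefix:18} {packets:>6} packets")
    print(f"skipped {len(skipped)} malformed line(s)")
```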


