Another major smurf run

Jonathan Lusky lusky2 at earth.voyageronline.net
Wed May 6 15:17:44 UTC 1998


David,

Sorry for the flood of email.  I attempted to write a script to
parse Cisco syslogs of a smurf attack and automatically mail contacts
listed in rwhois--looks like it doesn't work so well, particularly
in the case of APNIC and RIPE blocks.  I will stop using it.

If anyone has something that works better, I'd love to get a copy.


David R. Conrad writes:
> Due to the unfortunate inability of some ISPs to read statements like:
> 
>   *** please refer to whois.apnic.net for more information ***
>    *** before contacting APNIC                              ***
> 
> I have been receiving quite a few demands to fix "my" smurf amplifying
> networks (in particular, one Jon Lusky <lusky at earth.voyageronline.net> has
> been daily sending me a note containing the entirety of Craig's document
> for each of the APNIC delegated networks that shows up in your list.  There
> are (sadly, far too many) others, but usually when I send back the canned
> "APNIC is a registry, check here for more information" message, they get
> the hint.  Mr. Lusky is apparently "special").
> 
> Would it be possible to hit APNIC's whois server for addresses in the APNIC
> blocks (202/7, 210/7, 61/8) before installing them in your web page?
> 
> Thanks,
> -drc


-- 
Jonathan R. Lusky		|  Voyager Online, LLC
Director of Network Operations	|  (423) 209-2929
lusky at voyageronline.net		|  Unlimited PPP $19.95/mo
http://www.hotrod.com		|  http://www.voyageronline.net
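
The lookup routing requested in the quoted message, as an added example that is not part of the original thread or anyone's actual script: it totals ICMP echo-reply hits from Cisco ACL log lines per source /24 and picks the whois server to query for each, sending the APNIC blocks named above to whois.apnic.net. The sample log lines, the `DEFAULT_WHOIS` placeholder and all function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# APNIC blocks as listed in the quoted message; the registry's own whois
# server must be asked for the real holder of addresses inside them.
APNIC_BLOCKS = [ipaddress.ip_network(n)
                for n in ("202.0.0.0/7", "210.0.0.0/7", "61.0.0.0/8")]
APNIC_WHOIS = "whois.apnic.net"
DEFAULT_WHOIS = "rwhois.example.net"  # placeholder for the default server

# Cisco ACL log entry for ICMP; (0/0) is type 0 code 0, an echo reply.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list \S+ denied icmp "
    r"(\d+\.\d+\.\d+\.\d+) -> \d+\.\d+\.\d+\.\d+ \(0/0\), (\d+) packets?")

def whois_server_for(addr):
    """Pick the whois server that can name the actual holder of addr."""
    ip = ipaddress.ip_address(addr)
    return APNIC_WHOIS if any(ip in n for n in APNIC_BLOCKS) else DEFAULT_WHOIS

def summarize(lines):
    """Return {(source /24, whois server): echo-reply packet count}."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an echo-reply ACL hit
        try:
            net = ipaddress.ip_network(m.group(1) + "/24", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        counts[(str(net), whois_server_for(m.group(1)))] += int(m.group(2))
    return dict(counts)

# Constructed sample input, not taken from a real attack.
P = "May  6 15:01:02 gw1 77: %SEC-6-IPACCESSLOGDP: list 101 denied icmp "
SAMPLE = [
    P + "202.12.34.5 -> 192.0.2.10 (0/0), 12 packets",
    P + "202.12.34.77 -> 192.0.2.10 (0/0), 1 packet",
    P + "61.8.0.3 -> 192.0.2.10 (0/0), 7 packets",
    P + "198.51.100.9 -> 192.0.2.10 (0/0), 4 packets",
    P + "198.51.100.9 -> 192.0.2.10 (8/0), 9 packets",  # echo request: skipped
]

if __name__ == "__main__":
    for (net, server), pkts in sorted(summarize(SAMPLE).items()):
        print(f"{net:18} {pkts:5} packets  query {server}")
```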



More information about the NANOG mailing list