[nanog] More smurf networks. FIX YOUR ROUTERS.
Stephen Balbach
stephen at clark.net
Fri May 29 08:17:52 UTC 1998
Its not hard to block /24's at the core of your network
What about subnet assignments to customers using CPE that do not have
directed broadcast. Sure you can setup special filters for each subnet -
I'd find it hard to believe most large network operators do this because
of the admin overhead and low(er) potential impact from amplifiers.
Stb
On Fri, 29 May 1998, Dalvenjah FoxFire wrote:
> Hi folks,
>
> I found a small list of smurf relays in a hacked account today and managed
> to mail all those folks privately asking that they fix their routers. I
> was reasonably proud of myself.
>
> Then I found this list, full of 175 different networks. Nearly all the
> ones I tried work, and the ones that didn't work didn't respond on other
> IPs either, so I'm assuming unreachability. This is a fresh list from
> an active smurfer, however, so it does work. (Boy, does it work. }:P )
>
> Since it would take me upwards of two weeks just to mail these folks -
> unless I put off work, school, and the like - I determined it would be
> much better to post the list to nanog and see what doesn't work after a
> few weeks. (Translation: there is no way in hell I'm mailing all these
> folks, not even with a script to try and parse all the internic/apnic/
> whatever whois outputs.)
>
> Yes, I realize this means that The Scum will start smurfing like crazy;
> however, this also means that those networks will get fixed quicker
> when they realize their outbound link is completely saturated with
> ECHO_REPLY.
>
> Please pass this around, call folks you know, call folks you don't know,
> do whatever it takes to get these folks to fix their routers. I have
> spent the past week dealing with various smurfs taking down ISPs, and
> I am getting extremely sick of it.
>
> (Note, if you're fixed, and you're on this list, I apologize; again,
> I don't have the time to check each and every address.)
>
> -dalvenjah
>
> 141.161.19.0
> 141.164.240.0
> 142.3.0.0
> 168.198.79.255
> 168.208.21..255
> 168.216.14.255
> 168.84.3.255
> 168.84.7.255
> 193.190.1.255
> 193.190.10.255
> 193.190.4.255
> 193.190.8.255
> 193.190.9.255
> 193.226.100.255
> 193.38.83.255
> 193.38.84.255
> 193.38.85.255
> 193.64.68.255
> 193.76.0.255
> 194.111.55.255
> 194.152.36.255
> 194.215.85.255
> 194.251.75.255
> 194.28.6.255
> 199.171.110.255
> 199.171.198.255
> 200.0.166.255
> 200.19.104.255
> 200.23.51.255
> 200.230.142.255
> 200.230.143.255
> 200.38.168.255
> 200.5.128.255
> 200.5.129.255
> 202.184.18.255
> 202.184.25.255
> 202.45.53.255
> 202.45.59.255
> 202.45.61.255
> 203.108.227.255
> 203.11.118.255
> 203.150.240.255
> 203.22.70.255
> 203.64.170.255
> 204.101.117.255
> 204.115.171.255
> 204.116.248.255
> 204.141.218.255
> 204.147.235.255
> 204.155.99.255
> 204.161.118.255
> 204.161.61.255
> 204.166.161.255
> 204.166.161.255
> 204.167.48.255
> 204.17.178.255
> 204.171.179.255
> 204.177.145.255
> 204.187.84.255
> 204.191.160.255
> 204.191.212.255
> 204.199.101.255
> 204.199.102.255
> 204.199.106.255
> 204.199.107.255
> 204.208.154.255
> 204.208.155.255
> 204.216.139.255
> 204.216.139.255
> 204.216.86.255
> 204.222.194.255
> 204.222.195.255
> 204.228.161.255
> 204.229.220.255
> 204.229.221.255
> 204.229.222.255
> 204.229.43.255
> 204.229.45.255
> 204.233.137.255
> 204.235.79.255
> 204.235.79.255
> 204.242.172.255
> 204.242.172.255
> 204.244.155.255
> 204.249.16.255
> 204.249.16.255
> 204.26.102.255
> 204.26.102.255
> 204.26.103.255
> 204.26.104.255
> 204.26.109.255
> 204.29.160.255
> 204.29.160.255
> 204.30.35.255
> 204.30.35.255
> 204.31.135.255
> 204.31.137.255
> 204.31.137.255
> 204.33.249.255
> 204.34.141.255
> 204.34.141.255
> 204.64.182.255
> 204.64.22.255
> 204.71.176.255
> 204.71.179.255
> 204.71.179.255
> 204.71.180.255
> 204.71.180.255
> 204.71.191.255
> 204.71.243.255
> 204.80.124.255
> 204.96.225.255
> 205.136.165.255
> 205.148.1.255
> 205.172.3.255
> 205.178.8.255
> 205.184.109.255
> 205.197.176.255
> 205.203.72.255
> 205.211.168.255
> 205.218.18.255
> 205.232.119.255
> 205.232.191.255
> 205.232.8.255
> 205.252.144.255
> 205.67.128.255
> 206.110.105.255
> 206.129.95.255
> 206.170.24.255
> 206.186.126.255
> 206.204.56.255
> 206.219.101.255
> 206.219.102.255
> 206.31.88.255
> 206.39.100.255
> 206.39.101.255
> 206.39.72.255
> 206.39.75.255
> 206.39.76.255
> 206.39.77.255
> 206.39.78.255
> 206.39.79.255
> 206.39.81.255
> 206.39.91.255
> 206.39.92.255
> 206.39.93.255
> 206.39.98.255
> 206.39.99.255
> 206.72.47.255
> 207.65.122.255
> 208.128.161.255
> 208.128.185.255
> 208.132.236.255
> 208.132.69.255
> 208.145.80.255
> 208.154.16.255
> 208.154.18.255
> 208.154.23.255
> 208.193.238.255
> 208.20.149.255
> 208.202.212.255
> 208.24.87.255
> 209.160.26.255
> 209.206.19.255
> 209.206.21.255
> 209.206.22.255
> 209.49.157.255
> 209.63.185.255
> 209.66.101.255
> 209.7.76.255
> 209.81.151.255
> 209.84.61.255
> 209.88.144.255
>
>
>
> --
> Dalvenjah FoxFire (aka Sven Nielsen) Fundamentalist Agnostic: "I don't
> Founder, the DALnet IRC Network know, and neither do you!"
>
> e-mail: dalvenjah at dal.net WWW: http://www.dal.net/~dalvenjah/
> whois: SN90 Try DALnet! http://www.dal.net/
>
More information about the NANOG
mailing list