Smurf attack in progress - FIX YOUR RELAYS NOW
Dalvenjah FoxFire
dalvenjah at dal.net
Tue Nov 24 21:53:06 UTC 1998
Hi folks,

Since Sunday, I've e-mailed, telephoned, and contacted the folks responsible
for the networks involved in the current smurf against my network. Since
then, a grand total of four (count 'em, *four*) have responded and shut off
broadcasts.

Here are the networks that have ignored me so far. If you are a contact
for them, if you know the contact for them, peer with them, talk to them
on the golf course, whatever - get them out of bed, wake them up, and get
them to fix their routers *NOW*. If you are their uplink, block their
traffic or otherwise disconnect them until they fix their routers.

This is ridiculous, folks. I'm seeing networks that are customers of
UUnet, Sprint, MCI/C&W, Telia, all the big ISPs that are STILL smurf
amplifiers two years after we knew about the attack and how to fix it.

Note, I am sending this to nanog because none of these people have
responded or fixed their networks for *TWO DAYS* now. How do you
configure your router for this? Insert an ACL to deny connectivity
to these people until they fix their routers to not relay.

If you do happen to fix one of these networks, or if perhaps you can
backtrace the smurf destined for 209.133.28.69, please e-mail me
back or telephone me; my phone# is in whois.

-dalvenjah
#0 - Probable Smurf attack detected from 206.173.226.0/24 (1028 bytes)
Concentric Research Corp. (NETBLK-CONCENTRIC-BLK)
10590 N. Tantau Ave.
Cupertino, CA 95014
Concentric Networks.
#1 - Probable Smurf attack detected from 198.145.32.0/24 (1028 bytes)
Extensis Corporation (NETBLK-AUSNET-US-EXTEN)
55 SW Yamhill, Floor 4
Portland, OR 97204
USA
C&W/World.net customer
#2 - Probable Smurf attack detected from 206.136.9.0/24 (1028 bytes)
Primary Access Corporation (NET-PRIACC2)
12230 World Trade Drive
San Deigo, CA 92128-3765
US
UUnet customer
#3 - Probable Smurf attack detected from 194.16.2.0/24 (1028 bytes)
inetnum: 194.16.2.0 - 194.16.2.255
netname: NETCH
descr: Netch Technologies AB
country: SE
admin-c: HD26-RIPE
tech-c: SN38-RIPE
Telia customer
#4 - Probable Smurf attack detected from 143.224.103.0/16 (1028 bytes)
Joanneum Research (NET-JR-NETWORK)
A-8010 Graz
Steyrergasse 17
AUSTRIA
AGIS/Loralorion.net customer.
#5 - Probable Smurf attack detected from 204.151.131.0/24 (1028 bytes)
ANS CO+RE Systems, Inc. (NETBLK-ANS-C-BLOCK3)
100 Clearbrook Road
Elmsford, NY 10523
ANS/BCtel/AGT.net customer
#6 - Probable Smurf attack detected from 195.67.69.0/24 (1028 bytes)
inetnum: 195.67.69.0 - 195.67.69.31
netname: PROFFICE
descr: Proffice Ab
country: SE
admin-c: MH1035-RIPE
tech-c: MH1035-RIPE
Telia customer
#7 - Probable Smurf attack detected from 199.185.220.0/24 (1028 bytes)
ED TEL (NETBLK-EDTEL-PLANET)
Edmonton, AB; T5J 2R4
CA
BCtel/AGT.net customer
--
Dalvenjah FoxFire (aka Sven Nielsen)
Founder, the DALnet IRC Network
e-mail: dalvenjah at dal.net    WWW: http://www.dal.net/~dalvenjah/
whois: SN90                     Try DALnet! http://www.dal.net/

"Life is anything that dies when you stomp on it." -Dave Barry
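The message asks upstreams to insert an ACL against the listed amplifier networks. The following is an added example, not part of the original post: it parses report lines in the format shown above and renders IOS-style extended ACL entries. The ACL number 101, the function names, and the default of dropping only ICMP echo replies (narrower than the full deny the author asks for) are assumptions.

```python
import ipaddress
import re

# Constructed sample in the format of the report lines in the message above.
SAMPLE_REPORT = """\
#0 - Probable Smurf attack detected from 206.173.226.0/24 (1028 bytes)
#4 - Probable Smurf attack detected from 143.224.103.0/16 (1028 bytes)
#6 - Probable Smurf attack detected from 195.67.69.0/24 (1028 bytes)
#6 - Probable Smurf attack detected from 195.67.69.0/24 (1028 bytes)
not a report line
"""

REPORT_RE = re.compile(
    r"^#\d+ - Probable Smurf attack detected from (\S+) \(\d+ bytes\)$"
)


def parse_amplifiers(report):
    """Return the unique, normalized IPv4 networks named in report lines."""
    nets = set()
    for line in report.splitlines():
        m = REPORT_RE.match(line.strip())
        if not m:
            continue
        try:
            # strict=False clears stray host bits: 143.224.103.0/16 -> 143.224.0.0/16
            nets.add(ipaddress.IPv4Network(m.group(1), strict=False))
        except ValueError:
            continue  # skip malformed prefixes rather than emit a bad ACL line
    # collapse_addresses merges overlapping/adjacent prefixes and sorts them
    return list(ipaddress.collapse_addresses(nets))


def build_acl(nets, acl_number=101, echo_reply_only=True):
    """Render extended ACL lines (IOS syntax) for the given networks."""
    # Assumption: 101 is a free extended ACL number on the router.
    proto, suffix = ("icmp", " echo-reply") if echo_reply_only else ("ip", "")
    lines = [
        f"access-list {acl_number} deny {proto} "
        f"{n.network_address} {n.hostmask} any{suffix}"
        for n in nets
    ]
    # Extended ACLs end in an implicit deny, so permit everything else explicitly.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl(parse_amplifiers(SAMPLE_REPORT))))
```

Pass `echo_reply_only=False` to produce the blanket `deny ip` form the message describes.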