Solution: Re: Huge smurf attack
Alex P. Rudnev
alex at Relcom.EU.net
Tue Jan 12 09:35:16 UTC 1999
> On Mon, 11 Jan 1999, Dan Hollis wrote:
>
> > Or perhaps someone would like to take a proactive approach at scanning for
> > smurfable networks and closing them before the script kiddies find them?
>
> There are at least 2 different teams already doing this. The trouble is,
> who has the authority to disconnect smurf amp networks? Nobody,
> really...but the reality is that if an RBL-like system were setup for
You can public the access list for outgoing links discarding initial
packets to this amlifyer, A lot of ISP are ready to install such lists.
Or the other idea - if someone install BGP anouncing this addresses as
the /32 hosts (like RBL does for spam relays) anyone can block this
addresses to NULL and avoid attempts to run smurf from their customers.
> smurf amp networks, and if some of the larger backbones subscribed to it,
> smurf amp networks would get fixed real fast.
>
> Can any of the readers working for backbones (like UUNet, Sprint, C&W)
> speak up and tell us if there's a chance in hell their networks would
> subscribe to such a service?
It's of great interest. Through, pay attention to:
(1) to call 'smurf' broken servers are used;
(2) most of such servers are in non-commercial networks (scientific, for
example);
(3) such networks often have their own peering relations instead of using
UUnet and other monsters for the service.
>
> ----don't waste your cpu, crack rc5...www.distributed.net team enzo---
> Jon Lewis <jlewis at fdt.net> | Spammers will be winnuked or
> Network Administrator | nestea'd...whatever it takes
> Florida Digital Turnpike | to get the job done.
> ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key________
>
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
More information about the NANOG
mailing list