Security Incidents mailing list archives
Re: smurf scanning
From: rob () NETWORKICE COM (Robert Graham)
Date: Mon, 21 Feb 2000 14:34:06 -0800
My home computer is on a DSL line that gets a lot of smurf/fraggle scans, and appears to be used occasionally as an amplifier. I see constant incoming packets to x.x.x.0 and x.x.x.255 using UDP port 7/echo and ICMP type 8/ping. Most of these are simple scans, but once someone was actively smurfing/fraggling. My guess is that my ISP is listed as a smurf amplifier, and is checked every so often, and occasionally used.

I really should complain to my ISP, but I just have too much fun watching hackers at play.

Robert Graham

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com] On Behalf Of Jon Lewis
Sent: Sunday, February 20, 2000 3:18 PM
To: INCIDENTS () securityfocus com
Subject: smurf scanning

I was scanning through some firewall logs for a client this weekend and noticed 40 scans in the past week for either 8/0/icmp x.y.z.0 or 8/0/icmp x.y.z.255 (they have a T1 to the net and a single /24). A lot of the scans came from dialups in Italy or the UK. A few were hacked Linux boxes (one in the US, one in Italy, one in Korea).

I guess the people who use smurf have to continually hunt for networks appropriate for smurf amplification...but I didn't realize they were this actively scanning the net. Also present in the logs were people scanning the entire /24 for dns servers, and other less common protocols. Are others seeing/noticing similar things?

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  Spammers will be winnuked or
 System Administrator        |  nestea'd...whatever it takes
 Atlantic Net                |  to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
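The log review both posts describe, as an added example that is not from either poster: it picks out ICMP echo requests (type 8) and UDP echo (port 7) sent to the .0 and .255 addresses of a single /24 and separates occasional probes from sustained traffic. The key=value log format, the 192.0.2.0/24 network, the threshold and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the protected network is one /24 (documentation range).
PROTECTED = ipaddress.ip_network("192.0.2.0/24")
# Assumption: more hits than this from one source means sustained traffic.
FLOOD_THRESHOLD = 2

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2000-02-20T03:14:07 SRC=198.51.100.7 DST=192.0.2.255 PROTO=ICMP TYPE=8 CODE=0
2000-02-20T03:14:08 SRC=198.51.100.7 DST=192.0.2.0 PROTO=ICMP TYPE=8 CODE=0
2000-02-20T09:41:55 SRC=203.0.113.20 DST=192.0.2.255 PROTO=UDP DPT=7
2000-02-20T11:02:13 SRC=203.0.113.99 DST=192.0.2.17 PROTO=ICMP TYPE=8 CODE=0
2000-02-20T11:30:00 SRC=203.0.113.50 DST=192.0.2.53 PROTO=UDP DPT=53
2000-02-21T22:10:01 SRC=198.51.100.200 DST=192.0.2.255 PROTO=ICMP TYPE=8 CODE=0
2000-02-21T22:10:01 SRC=198.51.100.200 DST=192.0.2.255 PROTO=ICMP TYPE=8 CODE=0
2000-02-21T22:10:02 SRC=198.51.100.200 DST=192.0.2.255 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def is_amplifier_probe(fields, net=PROTECTED):
    """True for ICMP echo request or UDP echo aimed at the net's .0 or .255."""
    try:
        dst = ipaddress.ip_address(fields["DST"])
    except (KeyError, ValueError):
        return False  # malformed or missing destination: not a match
    if dst not in (net.network_address, net.broadcast_address):
        return False  # ordinary host address, e.g. a ping of one machine
    if fields.get("PROTO") == "ICMP":
        return fields.get("TYPE") == "8"   # smurf: ICMP echo request
    if fields.get("PROTO") == "UDP":
        return fields.get("DPT") == "7"    # fraggle: UDP echo service
    return False

def classify(log_text, threshold=FLOOD_THRESHOLD):
    """Map each matching source address to 'scan' or 'flood' by hit count."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if is_amplifier_probe(fields):
            hits[fields["SRC"]] += 1
    return {s: ("flood" if n > threshold else "scan") for s, n in hits.items()}

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOG).items():
        print(src, verdict)
```

In an active smurf or fraggle attack the source address is forged to be the victim's, so a "flood" entry identifies the target of the attack rather than the sender.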