nanog mailing list archives

Re: smurf's attack...

From: Jon Lewis <jlewis () inorganic5 fdt net>
Date: Sat, 6 Sep 1997 15:14:58 -0400 (EDT)

On Fri, 5 Sep 1997, Network Administrator wrote:

The following network numbers were pulled from a program called "smurf".


As I feared would happen, there seem to be multiple versions of smurf out
with different amplifier network lists.  FDT was smurfed for about an hour
last night, and of the list of broadcast addresses posted very few were used
in last night's attack...and a large number of the nets used were not in the
posted list.

Some of the more heavily populated (and thus nastier) amplification nets
used last night follow.

If you're on this list, PLEASE FIX YOUR ROUTERS.  If you're using Cisco's,
its probably as simple as adding "no ip directed-broadcast" to the
ethernet interfaces on your routers.

Also, what's the deal with Internic allowing registrations with things
like nomailbox@NOWHERE?  That's an incredibly useful contact.  If Kent
Percival is in charge of a university's network, surely he has an email
address.  Maybe it's time for a smurf amplifier blackhole list.  If you're
used as a smurf amplifier, you get BGP blackholed for say 6 hours, and on
each subsequent occurance, the time doubles.  I bet that would fix the
problem real fast. 

[85 hosts responding]
SURAnet (NET-MAE-EAST)
   8400 Baltimore Boulevard
   College Park, MD  20740

   Netname: MAE-EAST
   Netnumber: 192.41.177.0

   Coordinator:
      SURAnet  (SURA-NOC)  noc () sura net   hostmaster () sura net
      (301) 982-3214

[24 hosts responding]
CNet (NETBLK-NETBLK-CNET)
   150 Chestnut Street
   San Francisco, CA 94111
   US

   Netname: NETBLK-CNET
   Netblock: 204.162.80.0 - 204.162.87.0
   Maintainer: RGN

   Coordinator:
      Emery, Ken  (KE53)  ken () CNET COM
      (415) 395-7805 x569

[32 hosts responding]
Internet Communications of America (NETBLK-UU-208-202-14)
   1020 N.W. 163rd Drive
   Miami, FL 33169
   US

   Netname: UU-208-202-14
   Netblock: 208.202.14.0 - 208.202.15.255

   Coordinator:
      Neptune, Mark  (MN182)  postmaster () ICANET NET
      305-621-9200


[21 hosts responding]
LI Net Inc. (NET-LI-NET)
   45 Manor Rd.
   Smithtown, NY 11787
   US

   Netname: LI-NET
   Netnumber: 199.171.6.0
   Maintainer: LI

   Coordinator:
      Reilly, Michael  (MR113)  mpr () LI NET
      516-265-0997
   Alternate Contact:
      Harris, Jon  (JH201)  jon () LI NET
      516-265-0997

[29 hosts responding]
University of Guelph (NET-UOGUELPH)
   Guelph, Ontario, N1G 2W1
   CANADA

   Netname: UOGUELPH
   Netnumber: 131.104.0.0

   Coordinator:
      Percival, Kent  (KP50)  nomailbox@NOWHERE
      +1 (519) 824-4120 ext. 6397

------------------------------------------------------------------
 Jon Lewis <jlewis () fdt net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

Current thread:

Re: smurf's attack..., (continued)
- - - Re: smurf's attack... Jordyn A. Buchanan (Sep 05)
    - Re: smurf's attack... Michael K. Sanders (Sep 05)
    - Re: smurf's attack... Randy Bush (Sep 05)
    - Re: smurf's attack... Dave Andersen (Sep 06)
    - Re: smurf's attack... Randy Bush (Sep 05)
    - Message not available
    - Re: smurf's attack... Jay R. Ashworth (Sep 05)
    - Re: smurf's attack... Dave Bergum (Sep 05)
    - Re: smurf's attack... Phil Howard (Sep 05)
    - Re: smurf's attack..i Steve Noble (Sep 05)
    - Re: smurf's attack... Wayne Bouchard (Sep 05)
- Re: smurf's attack... Jon Lewis (Sep 06)
- Re: smurf's attack... Barry A. Dykes (Sep 05)