nanog mailing list archives
Re: SMURF amplifier block list
From: Jeremy Porter <jerry () freeside fc net>
Date: Mon, 20 Apr 1998 20:34:04 -0500
In message <199804210004.SAA02213 () meowy angio net>, Dave Andersen writes:
Not really. The lists of smurfable addresses on the net have contained network numbers for a while now, or so goes the rumor on other lists. It could have come through someone scanning addresses sequentially to find a broadcast address (mm, exciting job), or it could have come from a clueful cracker somewhere else. It doesn't take too many brains to use the prepackaged hacking/crashing programs people can download off Bugtraq. (OTOH, there are quite a few clueful crackers out there, who've found that reading the RFCs is a good thing. Crackers reading RFCs may not be a good thing. :-)
If these attackers had been reading the RFCs years ago, these problems would have been fixed on a much smaller network, causing less total disruption. But of course they were exploiting other security holes at the time. Security holes DON'T get fixed until they are exploited on a large scale, this applies to gaping lapses in Internet design, due to its origin of "cooperative" networks, things like sendmail and bind defaulting to "trust everyone", i.e. sendmail relaying, and bind additional RR poisoning. There simply are too many things broken for someone to considering fixing all the known issues before they are abused. But eventually we will see source filtering and "no ip directed broadcast", but if sendmail relaying is any indication, it will be another year and 1/2 before the first 90% of the problem is fixed. --- Jeremy Porter, Freeside Communications, Inc. jerry () fc net PO BOX 80315 Austin, Tx 78708 | 512-458-9810 http://www.fc.net
Current thread:
- Re: SMURF amplifier block list, (continued)
- Re: SMURF amplifier block list Al Reuben (Apr 17)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 18)
- Re: SMURF amplifier block list Dan Boehlke (Apr 18)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 18)
- Re: SMURF amplifier block list Dan Boehlke (Apr 18)
- Re: SMURF amplifier block list Jeremiah Kristal (Apr 19)
- Re: SMURF amplifier block list Brandon Ross (Apr 20)
- Re: SMURF amplifier block list Dean Anderson (Apr 20)
- Re: SMURF amplifier block list Dave Andersen (Apr 20)
- Re: SMURF amplifier block list Jeremy Porter (Apr 20)
- Re: SMURF amplifier block list Brandon Ross (Apr 22)
- Re: SMURF amplifier block list Jason Lixfeld (Apr 24)
- Re: SMURF amplifier block list jlixfeld (Apr 20)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 20)
- Spoofed Packet Tracker (Was Re: SMURF amplifier block list) Jared Mauch (Apr 20)
- Message not available
- Re: SMURF amplifier block list Jay R. Ashworth (Apr 19)
- Re: SMURF amplifier block list jlixfeld (Apr 20)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 18)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)