nanog mailing list archives

Re: netscan.org update

From: John Fraizer <nanog () EnterZone Net>
Date: Tue, 26 Sep 2000 01:13:35 -0400 (EDT)


On Mon, 25 Sep 2000, John Payne wrote:


On Sat, Sep 23, 2000 at 08:19:58PM -0700, Troy Davis wrote:

Netscan.org hasn't created a BGP blackhole announcement out of lack of
time and because, at least while some significant sites are on it, we
doubt many people would use it.  Interestingly, looking at the top
smurf-announcing ASNs, an average American backbone could block easily 
half of them and barely notice.


I've been very quiet on the scanning for smurf amps thing... which is
contrary to my nature :-)

However, I would really not like to see a BGP based listing of smurf
amps based on results from scanning.

E-mailing network operators who have smurf amps that happen to not have been
abused (maybe its a /30 with little bandwidth) smacks of UBE to me... and
you shouldn't be listing without notification...


-- 
John Payne      http://www.sackheads.org/jpayne/    john () sackheads org
http://www.sackheads.org/uce/                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header



John,

The problem is that while some operators may not have been aware of their
problem, if they are not aware of the problem at-large, they are, IMHO,
not worthy of announcing to the global internet at large and as such,
we should not be listening to their announcements.

If, once they figure out they're being filtered, they decide to take care
of their problems, they will be removed from the BGP feed.

The SMURF problem is years old.  People who don't look for this on their
own networks and prevent it before it starts are AS MUCH if not MORE a
part of the problem as the script kiddies.


So, to sum it up, I disagree.  To back this up, if you find a SMURF
amplifier on my network, please feel free to add

ip as-path access-list WHATEVER deny 13944

to your filters.

We check our network constantly and have NEVER been the originator of, or
a transit AS for a SMURF attack of _ANY) size.

---
John Fraizer
EnterZone, Inc

Current thread:

Re: netscan.org update, (continued)
- - - Re: netscan.org update Troy Davis (Sep 24)
    - Re: netscan.org update James A. T. Rice (Sep 24)
    - Re: netscan.org update Bill Woodcock (Sep 24)
    - Message not available
    - Re: netscan.org update John Payne (Sep 25)
    - Re: netscan.org update Troy Davis (Sep 24)
    - Re: netscan.org update dies (Sep 24)
    - Re: netscan.org update Jason Slagle (Sep 24)
  - Re: netscan.org update Troy Davis (Sep 23)
    - Re: netscan.org update Troy Davis (Sep 23)
    - Re: netscan.org update John Payne (Sep 25)
    - Re: netscan.org update John Fraizer (Sep 25)
    - Re: netscan.org update Henry R. Linneweh (Sep 26)
    - Re: netscan.org update Daniel Senie (Sep 26)
    - Re: netscan.org update Henry R. Linneweh (Sep 26)
    - Re: netscan.org update John Payne (Sep 26)
    - Re: netscan.org update John Fraizer (Sep 26)
    - Re: netscan.org update John Payne (Sep 26)
    - Re: netscan.org update Bill Fumerola (Sep 26)
    - Re: netscan.org update John Fraizer (Sep 26)
    - Re: netscan.org update Simon Lyall (Sep 26)
  - Re: netscan.org update Leo Bicknell (Sep 24)

(Thread continues...)