nanog mailing list archives
Re: netscan.org update
From: Simon Lyall <simon.lyall () ihug co nz>
Date: Wed, 27 Sep 2000 09:24:12 +1200 (NZST)
On Tue, 26 Sep 2000, John Payne wrote:
I'm not saying that having a list is a bad idea. But it should be a list of amps that have been found using logs from attacks, not by going out and scanning for them
The problem with reasonable sized smurfs is that you can't just casually log them and trace back. If I want to go after open mail relays I can just look at the headers of spam I personally get and trace these back to the providers. Logging 10-100 Mb/s smurfs (which we see several per day) on the other hand is not something you can just do and trace back. That level of traffic tends to melt whatever you try to log it with unless you throw a bit of time and hardware into preparing to log it. Of course when it's 50 machines scattered across the Internet all spoofing random source addresses then don't even bother. -- Simon Lyall. | Newsmaster | Work: simon.lyall () ihug co nz Senior Network/System Admin | | Home: simon () darkmere gen nz ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
Current thread:
- Re: netscan.org update, (continued)
- Re: netscan.org update John Payne (Sep 25)
- Re: netscan.org update John Fraizer (Sep 25)
- Re: netscan.org update Henry R. Linneweh (Sep 26)
- Re: netscan.org update Daniel Senie (Sep 26)
- Re: netscan.org update Henry R. Linneweh (Sep 26)
- Re: netscan.org update John Payne (Sep 26)
- Re: netscan.org update John Fraizer (Sep 26)
- Re: netscan.org update John Payne (Sep 26)
- Re: netscan.org update Bill Fumerola (Sep 26)
- Re: netscan.org update John Fraizer (Sep 26)
- Re: netscan.org update Simon Lyall (Sep 26)
- Re: netscan.org update Michael Shields (Sep 25)
- Re: netscan.org update Greg A. Woods (Sep 25)
- RE: netscan.org update John Fraizer (Sep 25)
- Re: netscan.org update Bradley Dunn (Sep 25)
- Re: netscan.org update Charles Sprickman (Sep 25)
- Re: netscan.org update Roland Dobbins (Sep 25)