[12163] in North American Network Operators' Group
Re: smurf's attack...
daemon@ATHENA.MIT.EDU (Jon Lewis)
Sat Sep 6 15:37:57 1997
Date: Sat, 6 Sep 1997 15:14:58 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Network Administrator <nacr@gate.net>
cc: nanog@merit.edu, noc@sura.net, hostmaster@sura.net, ken@CNET.COM,
postmaster@ICANET.NET, mpr@LI.NET, jon@LI.NET
In-Reply-To: <Pine.A32.3.93.970905111143.88936B-100000@inca.gate.net>
On Fri, 5 Sep 1997, Network Administrator wrote:
> The following network numbers were pulled from a program called "smurf".
As I feared would happen, there seem to be multiple versions of smurf out
with different amplifier network lists. FDT was smurfed for about an hour
last night, and of the list of broadcast addresses posted very few were used
in last night's attack...and a large number of the nets used were not in the
posted list.
Some of the more heavily populated (and thus nastier) amplification nets
used last night follow.
If you're on this list, PLEASE FIX YOUR ROUTERS. If you're using Cisco's,
its probably as simple as adding "no ip directed-broadcast" to the
ethernet interfaces on your routers.
Also, what's the deal with Internic allowing registrations with things
like nomailbox@NOWHERE? That's an incredibly useful contact. If Kent
Percival is in charge of a university's network, surely he has an email
address. Maybe it's time for a smurf amplifier blackhole list. If you're
used as a smurf amplifier, you get BGP blackholed for say 6 hours, and on
each subsequent occurance, the time doubles. I bet that would fix the
problem real fast.
[85 hosts responding]
SURAnet (NET-MAE-EAST)
8400 Baltimore Boulevard
College Park, MD 20740
Netname: MAE-EAST
Netnumber: 192.41.177.0
Coordinator:
SURAnet (SURA-NOC) noc@sura.net hostmaster@sura.net
(301) 982-3214
[24 hosts responding]
CNet (NETBLK-NETBLK-CNET)
150 Chestnut Street
San Francisco, CA 94111
US
Netname: NETBLK-CNET
Netblock: 204.162.80.0 - 204.162.87.0
Maintainer: RGN
Coordinator:
Emery, Ken (KE53) ken@CNET.COM
(415) 395-7805 x569
[32 hosts responding]
Internet Communications of America (NETBLK-UU-208-202-14)
1020 N.W. 163rd Drive
Miami, FL 33169
US
Netname: UU-208-202-14
Netblock: 208.202.14.0 - 208.202.15.255
Coordinator:
Neptune, Mark (MN182) postmaster@ICANET.NET
305-621-9200
[21 hosts responding]
LI Net Inc. (NET-LI-NET)
45 Manor Rd.
Smithtown, NY 11787
US
Netname: LI-NET
Netnumber: 199.171.6.0
Maintainer: LI
Coordinator:
Reilly, Michael (MR113) mpr@LI.NET
516-265-0997
Alternate Contact:
Harris, Jon (JH201) jon@LI.NET
516-265-0997
[29 hosts responding]
University of Guelph (NET-UOGUELPH)
Guelph, Ontario, N1G 2W1
CANADA
Netname: UOGUELPH
Netnumber: 131.104.0.0
Coordinator:
Percival, Kent (KP50) nomailbox@NOWHERE
+1 (519) 824-4120 ext. 6397
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
