[16330] in North American Network Operators' Group
Re: SMURF amplifier block list
daemon@ATHENA.MIT.EDU (Dave Andersen)
Mon Apr 20 20:12:23 1998
From: Dave Andersen <angio@angio.net>
In-Reply-To: <v03007878b1617e47cb0d@[198.3.136.121]> from Dean Anderson at "Apr 20, 98 06:44:38 pm"
To: dean@av8.com (Dean Anderson)
Date: Mon, 20 Apr 1998 18:04:15 -0600 (MDT)
Cc: nanog@merit.edu
Lo and behold, Dean Anderson once said:
>
> [Discussion about the use of .0 as broadcast deleted]
>
> But it is interesting that the person would have thought to use it in a
> smurf attack... If they know that much, they really should have known
> better than to smurf. I hope they throw the whole bookcase at them...
Not really. The lists of smurfable addresses on the net have contained
network numbers for a while now, or so goes the rumor on other lists. It
could have come through someone scanning addresses sequentially to find a
broadcast address (mm, exciting job), or it could have come from a clueful
cracker somewhere else. It doesn't take too many brains to use the
prepackaged hacking/crashing programs people can download off Bugtraq.
(OTOH, there are quite a few clueful crackers out there, who've found that
reading the RFCs is a good thing. Crackers reading RFCs may not be a good
thing. :-)
-Dave
