[18455] in North American Network Operators' Group
Re: Smurfable Networks
daemon@ATHENA.MIT.EDU (Richard Thomas)
Wed Jul 22 15:22:09 1998
From: "Richard Thomas" <buglord@ex-pressnet.com>
To: "Brian Horvitz" <horvitz@shore.net>
Cc: <nanog@merit.edu>
Date: Thu, 23 Jul 1998 02:58:57 -0400
-----Original Message-----
From: Brian Horvitz <horvitz@shore.net>
To: Richard Thomas <buglord@ex-pressnet.com>
Cc: nanog@merit.edu <nanog@merit.edu>
Date: Wednesday, July 22, 1998 2:51 PM
Subject: Re: Smurfable Networks
>Actually, it turns out that a some of what I posted were only echo replies
>from single hosts. This was indeed a real smurf..at one point we were
>pulling about 50 Meg over 3 T3s. The error I made was in generating the
>list of amplifier networks from my log files. Networks with even one
>single echo reply to the target address were included in the list. Such
>was the case with the net 12 entries - each one corresponded only to one
>IP address, not a whole network worth.
I tried about 30 from the list and didn't get a single dupe, but anyhow,
check out SmurfLog v1.1 available at http://www.sy.net/security by yours
truly, a much better way to gather only the guilty without generating 2 gig
log files in the process.
