[18456] in North American Network Operators' Group
Re: Smurfable Networks
daemon@ATHENA.MIT.EDU (Brian Horvitz)
Wed Jul 22 15:25:03 1998
Date: Wed, 22 Jul 1998 14:54:03 -0400 (EDT)
From: Brian Horvitz <horvitz@shore.net>
To: Richard Thomas <buglord@ex-pressnet.com>
cc: nanog@merit.edu
In-Reply-To: <003301bdb603$271226a0$0201a8c0@winblows.sy.net>
Actually, it turns out that a some of what I posted were only echo replies
from single hosts. This was indeed a real smurf..at one point we were
pulling about 50 Meg over 3 T3s. The error I made was in generating the
list of amplifier networks from my log files. Networks with even one
single echo reply to the target address were included in the list. Such
was the case with the net 12 entries - each one corresponded only to one
IP address, not a whole network worth.
Brian
>
>
> >It is not clear to me how you got net 12 entries in your list.
> >They are not smurfable and I don't think they have even been.
> >Please remove them from your list.
> >Thanks.
>
> I don't see a single entry in that list which is a broadcast. I would say
> someone is being taken here. Perhaps you were flooded with straight spoofed
> echo replies, as most of these networks seem to be the EXTRA-responsible
> ones.
>
