[22532] in North American Network Operators' Group
Re: Huge smurf attack
daemon@ATHENA.MIT.EDU (Phil Howard)
Sat Jan 9 23:36:13 1999
From: Phil Howard <phil@whistler.intur.net>
To: bross@mindspring.net (Brandon Ross)
Date: Sat, 9 Jan 1999 22:17:46 -0600 (CST)
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.3.96.990109162736.10450S-100000@xymox.netops.mindspring.net> from "Brandon Ross" at Jan 9, 99 04:28:03 pm
Brandon Ross wrote:
> ftp://ftp.mindspring.net/users/bross/smurfsources
I find it slightly interesting that some private addresses were in the
list. There were some addresses in 10/8, 172.16/12, and 192.168/16.
Thus the source of the attack must have had some addresses in these
private network ranges reachable somehow, either internally in the
network the attacker(s) originate, or routes leaking onto the internet.
If the former, that would mean they had the capacity from that internal
network to carry the forged echo requests as well as those private
sourced echo replies.
--
-- *-----------------------------* Phil Howard KA9WGN * --
-- | Inturnet, Inc. | Director of Internet Services | --
-- | Business Internet Solutions | eng at intur.net | --
-- *-----------------------------* philh at intur.net * --
