[22543] in North American Network Operators' Group
Re: Huge smurf attack
daemon@ATHENA.MIT.EDU (Jeremiah Kristal)
Mon Jan 11 12:32:49 1999
Date: Mon, 11 Jan 1999 12:14:04 -0500 (EST)
From: Jeremiah Kristal <jeremiah@fs.IConNet.NET>
To: Phil Howard <phil@whistler.intur.net>
cc: bross@mindspring.net, nanog@merit.edu
In-Reply-To: <199901111640.KAA25173@whistler.intur.net>
On Mon, 11 Jan 1999, Phil Howard wrote:
<<snip discussion about how clueful operators filter RFC1918 addresses>>
I agree that clueful operators filter RFC1918 addresses at their borders
and that they do not accept advertisements for RFC1918 space, however,
there is a specific network (10.177.180/24) that appears again and again
in smurf logs. I find it rather interesting that with 65k available /24s
in the 10/8 space, one specific /24 pops up much more often than any
other. Granted it's not that large an amplifier, but it seems odd that
even an RFC1918 network would be used as an amplifier for this long
without someone finding and securing it.
Jeremiah
