[31504] in North American Network Operators' Group
Re: netscan.org update
daemon@ATHENA.MIT.EDU (Troy Davis)
Tue Sep 26 12:52:30 2000
Date: Tue, 26 Sep 2000 09:48:53 -0700
From: Troy Davis <troy@nack.net>
To: "Roeland M.J. Meyer" <rmeyer@MHSC.com>
Cc: nanog@merit.edu
Message-ID: <20000926094853.D20992@nack.net>
Mail-Followup-To: Troy Davis <troy@nack.net>,
	"Roeland M.J. Meyer" <rmeyer@MHSC.com>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1148622BC878D411971F0060082B042C3717@hawk.lvrmr.mhsc.com>; from rmeyer@MHSC.com on Tue, Sep 26, 2000 at 09:33:23AM -0700
Errors-To: owner-nanog-outgoing@merit.edu

On Tue, 26 Sep 2000, Roeland M.J. Meyer <rmeyer@MHSC.com> wrote:

> I know that all of you are aware of this. Granted, each subsequently
> smaller subnet also limits the maximum number of hosts that will respond
> to the smurf trigger. The point is that, the web-site ONLY tests 0 and

Actually, that's often not the case. Through NAT and other modern
marvels, it's possible to have massively overpopulated netblocks that
all respond. The largest amplifier we've found yet was 170,000x (on
a class C).

> the script-kiddies already have a means to do so. Had I the time, I
> could write the code, the algorithm is trivial.

We've got the code to scan for them, but started with /24. In October
or November, we'll probably scan to /27 boundaries.

Also, there's now a list of amplifiers, sorted by ASN, rechecked and
updated nightly. It's linked off the main netscan.org page.

Cheers,

Troy