[8899] in bugtraq

home help back first fref pref prev next nref lref last post

Re: netscan.org - broadcast ICMP list

daemon@ATHENA.MIT.EDU (Troy Davis)
Sun Jan 3 14:38:31 1999

Date: 	Sat, 2 Jan 1999 03:15:30 -0800
Reply-To: Troy Davis <troy@LTNX.NET>
From: Troy Davis <troy@LTNX.NET>
X-To:         Fyodor <fyodor@DHP.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.4.04.9812311446500.21890-100000@shell.dhp.com>; from
              Fyodor on Thu, Dec 31, 1998 at 03:22:14PM -0500

On Thu, Dec 31, 1998 at 03:22:14PM -0500, fyodor@DHP.COM wrote:

> On their page they say they are not going to release the scanner they use
> to test networks for the problem -- people should use their web query form
> instead.  This is unfortunate because the query form (like their database)
> seems to only check .0 and .255 addresses.  Also it only seems to do class
> 'C' addresses, meaning that you have to type in 256 addresses, one at a
> time, to do a class 'B'.

We're working on supporting any netmask, both for query size and interval
netmask (ie, 216.39.0.0/16 in /24 subnets).

As to the not allowing > class C searches, that's intentional right now.
We're trying to lessen the impact - on amps and the Internet at large - of
this data.  Someone smurfing with the original top 500 amps could have
saturated (large portions of) any NAP off a DS3.

> months nmap has had the capability to locate smurf addresses on your
> Nmap can be obtained from http://www.insecure.org/nmap/ .

Yep, neat tool.

Cheers,

Troy Davis

home help back first fref pref prev next nref lref last post