[8899] in bugtraq
Re: netscan.org - broadcast ICMP list
daemon@ATHENA.MIT.EDU (Troy Davis)
Sun Jan 3 14:38:31 1999
Date: Sat, 2 Jan 1999 03:15:30 -0800
Reply-To: Troy Davis <troy@LTNX.NET>
From: Troy Davis <troy@LTNX.NET>
X-To: Fyodor <fyodor@DHP.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.04.9812311446500.21890-100000@shell.dhp.com>; from
Fyodor on Thu, Dec 31, 1998 at 03:22:14PM -0500
On Thu, Dec 31, 1998 at 03:22:14PM -0500, fyodor@DHP.COM wrote:
> On their page they say they are not going to release the scanner they use
> to test networks for the problem -- people should use their web query form
> instead. This is unfortunate because the query form (like their database)
> seems to only check .0 and .255 addresses. Also it only seems to do class
> 'C' addresses, meaning that you have to type in 256 addresses, one at a
> time, to do a class 'B'.
We're working on supporting any netmask, both for query size and interval
netmask (ie, 216.39.0.0/16 in /24 subnets).
As to the not allowing > class C searches, that's intentional right now.
We're trying to lessen the impact - on amps and the Internet at large - of
this data. Someone smurfing with the original top 500 amps could have
saturated (large portions of) any NAP off a DS3.
> months nmap has had the capability to locate smurf addresses on your
> Nmap can be obtained from http://www.insecure.org/nmap/ .
Yep, neat tool.
Cheers,
Troy Davis