Home page logo
/

nanog logo nanog mailing list archives

known networks for broadcast ping attacks
From: Edward Henigin <ed () texas net>
Date: Wed, 30 Jul 1997 11:41:40 -0500


        Here's a list of KNOWN NETWORKS that are being used to ping
flood other networks.  If one of your networks is in here, FILTER
BROADCAST PINGS NOW FROM ENTERING YOUR NETWORK.  YOUR NETWORK IS BEING
USED TO ATTACK OTHER NETWORKS.

        In my original e-mail, I noted that I suspected that there was
a list of known networks that could be used to attack other networks.
It appears my suspicion has been validated.

        This is from source code for 'smurf.c', which is used to
generate the ICMP broadcast pings, as I described in an earlier e-mail
to this mailing list.


-----Forwarded message-----

/*
 *
 *  smurf.c by TFreak [21:52 - 07/28/97]
 *
 *  spoofs icmp packets from a host to various broadcast addresses resulting
 *  in multiple replies to that host from a single packet.  
 *
 *  mad head to:  
 *     nyt, soldier, autopsy, legendnet, #c0de, irq for being my guinea pig,
 *     MissSatan for swallowing, napster for pimping my sister, the guy that
 *     invented vaseline, fyber for trying, knowy, old school #havok, kain 
 *     cos he rox my sox, zuez, toxik, robocod, Bug_Lord, and everyone else
 *     that i might have missed (you know who you are).
 * 
 *  mad anal to:
 *     #madcrew/#conflict for not cashing in their cluepons, EFnet IRCOps
 *     because they plain suck, Rolex for being a twit, everyone that
 *     trades warez, Caren for being a lesbian hoe, AcidKill for being her
 *     partner, #cha0s, sedriss for having an ego in inverse proportion to
 *     his penis and anyone that can't pee standing up. 
 *
 *  disclaimer:
 *     I cannot and will not be held responsible nor legally bound for the
 *     malicious activities of individuals who come into possession of this
 *     program and refuse to provide help or support of any kind and do NOT
 *     condone use of this program to deny service to anyone or any machine.
 *     This is for educational use only. Please Don't abuse this.
 *
 */   
 
[.. code deleted... EJH ]

   /* add your own broadcast ips, just make sure to end with NULL */
   char *bcastaddr[] = {
      "206.154.141.255", "165.154.1.255", "205.139.4.255", "198.3.101.255",
      "204.71.177.255", "255.255.255.255", "207.137.200.255", "192.41.177.255",
      "206.13.28.255", "144.228.20.255", "206.137.184.255", "192.41.177.255",
      "206.154.141.255", "165.154.1.255", "206.13.28.255", "129.16.1.0",
      "198.32.186.255", "205.206.120.255", "206.186.21.255", "204.212.36.255"
      "149.142.13.255", "208.132.231.255", "129.82.103.255", "130.63.236.255"
      "130.113.64.255", "198.53.145.255", "205.211.8.255", "204.186.99.255",
      "208.131.162.255", "130.132.143.255", "128.135.181.255", "204.162.96.0",
      "205.180.58.255", "206.86.0.255", "128.2.72.255", "199.227.0.255",
      "199.103.128.255", "208.218.130.255", "208.150.60.255", "206.26.128.255",
      "199.0.65.255", "207.69.200.255", "207.228.64.255", "204.247.0.255",
      NULL
   };

[.. code deleted... EJH ]

-----End of forwarded message-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault