Home page logo
/

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: "Alex P. Rudnev" <alex () Relcom EU net>
Date: Sun, 12 Apr 1998 15:59:30 +0400 (MSD)

Hi.

May be, someone will maintain such lists? First, it allow to fix smurf 
source by 'log' option in the CISCO list; second, it'll prefere some 
attacks.






On Sat, 11 Apr 1998, Karl Denninger wrote:

Date: Sat, 11 Apr 1998 15:25:33 -0500
From: Karl Denninger <karl () mcs net>
To: nanog () merit edu
Subject: SMURF amplifier block list


The following networks and masks are banned from our network at the core due
to being smurf amplifiers.

When the folks who own these STOP THIS, we'll take them off the list.
Contact me by TELEPHONE if you want to discuss this matter or what a Smurf
is and why you should care.

I'm going to start posting the blacklist here weekly in the hopes that peer
pressure will cause people to clean up their acts.  Until you DO clean up
your act, you're not transiting our network - period.

We're not going to accept this kind of vandalism and attractive nuisance any
more.  If you haven't disabled directed broadcast forwarding, you are a
potential listee on this blacklist.  

DO IT NOW, or risk connectivity blockades.

I urge all other network providers to block any identified smurf amplifier 
that they can verify, and to post their list as well.

Only through public pressure can people be forced to CORRECTLY configure 
their networks to make these attacks impossible to launch.

access-list 2 deny   128.118.0.0 0.0.255.255
access-list 2 deny   129.24.0.0 0.0.255.255
access-list 2 deny   129.111.0.0 0.0.255.255
access-list 2 deny   129.100.0.0 0.0.255.255
access-list 2 deny   128.40.0.0 0.0.255.255
access-list 2 deny   129.101.0.0 0.0.255.255
access-list 2 deny   203.64.0.0 0.0.255.255
access-list 2 deny   129.115.0.0 0.0.255.255
access-list 2 deny   203.108.225.0 0.0.0.255
access-list 2 deny   129.60.0.0 0.0.255.255
access-list 2 deny   137.79.0.0 0.0.255.255
access-list 2 deny   130.37.0.0 0.0.255.255
access-list 2 deny   130.70.0.0 0.0.255.255
access-list 2 deny   203.108.236.0 0.0.0.255
access-list 2 deny   132.169.0.0 0.0.255.255
access-list 2 deny   129.107.0.0 0.0.255.255
access-list 2 deny   129.49.0.0 0.0.255.255
access-list 2 deny   129.96.0.0 0.0.255.255
access-list 2 deny   130.65.0.0 0.0.255.255
access-list 2 deny   134.205.0.0 0.0.255.255
access-list 2 deny   129.29.0.0 0.0.255.255
access-list 2 deny   204.48.224.0 0.0.0.255
access-list 2 deny   205.177.49.0 0.0.0.255
access-list 2 deny   204.47.208.0 0.0.0.255
access-list 2 deny   204.242.172.0 0.0.0.255
access-list 2 deny   194.6.129.0 0.0.0.255
access-list 2 deny   206.31.78.0 0.0.0.255
access-list 2 deny   207.211.60.0 0.0.0.255
access-list 2 deny   206.27.242.0 0.0.0.255
access-list 2 deny   207.175.67.0 0.0.0.255


I'm sure there are more, but these are the ones blacklisted in our 
network configuration right now.

--
-- 
Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                           | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost


Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]