Home page logo
/

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: Karl Denninger <karl () mcs net>
Date: Sun, 12 Apr 1998 14:59:16 -0500

On Sun, Apr 12, 1998 at 12:35:44PM -0700, Craig A. Huegen wrote:
On Sun, 12 Apr 1998, Alex P. Rudnev wrote:

==>Remember, this intruders use small ISP as their service providers, not 
==>huge MCI or SPRINT.

Actually, the majority of these people use compromised root accounts in
educational institutions, educational residence halls w/ Ethernet,
enterprises w/o decent firewalls, and co-location machines.

There are lists which exist of over 200-300 compromised root accounts and
access capabilities from which someone can launch an attack.

/cah

Yep.  But the point still remains that if you can't get the traffic out of
the source network a smurf attempt doesn't work.

Those "educational" sites which allow residence hall connections to launch
this kind of thing deserve to be permanently black-holed from the Internet
until they fix things.  And yes, I know this means they'll have to spend
money.  Tough cookies.  This is NOT an unsolvable problem (I can solve it 
with a $1,000 PC running IPFW between the residence hall Ethernet and the 
rest of the campus, or a few statements in a CISCO config) so people saying 
its an intractable problem are lying.  

Period.

--
-- 
Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault