Home page logo

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: Karl Denninger <karl () mcs net>
Date: Sun, 12 Apr 1998 14:59:16 -0500

On Sun, Apr 12, 1998 at 12:35:44PM -0700, Craig A. Huegen wrote:
On Sun, 12 Apr 1998, Alex P. Rudnev wrote:

==>Remember, this intruders use small ISP as their service providers, not 
==>huge MCI or SPRINT.

Actually, the majority of these people use compromised root accounts in
educational institutions, educational residence halls w/ Ethernet,
enterprises w/o decent firewalls, and co-location machines.

There are lists which exist of over 200-300 compromised root accounts and
access capabilities from which someone can launch an attack.


Yep.  But the point still remains that if you can't get the traffic out of
the source network a smurf attempt doesn't work.

Those "educational" sites which allow residence hall connections to launch
this kind of thing deserve to be permanently black-holed from the Internet
until they fix things.  And yes, I know this means they'll have to spend
money.  Tough cookies.  This is NOT an unsolvable problem (I can solve it 
with a $1,000 PC running IPFW between the residence hall Ethernet and the 
rest of the campus, or a few statements in a CISCO config) so people saying 
its an intractable problem are lying.  


Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]