Home page logo

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: "Alex P. Rudnev" <alex () Relcom EU net>
Date: Sat, 18 Apr 1998 22:44:56 +0400 (MSD)

What about people who didn't subnet their class B on the eight bit 
boundry, but made larger subnets instead?  What about the class B that 
doesn't appear to be subnetted at all?  What about supernetted class C 
networks?  A trailing .255 can be a valid host.
And what's worng? If they di nit subnet their B network, the tail of 
address should be .255 too.

If someone have particular .255 host - OK, you should not be able to ping 
it, not more. The small fee for the free-of-smurfing-from-your-network.

Why don't use the filter

 deny icmp any echo-request
Just now, USA's ISP seems to be absolutely helpless facing SMURF. A lot 
of networks do not block aroadcast echo-request's; no one even know how 
to trace thos 'echo-request' packets by their network... may be I am 
wrong, and it's because there is _a lot of ISP_ there, and even a few af 
them who do not know how to fight against SMURF compose a good backet - I 
do not know. 

Really; does anyone know any sucsessfull attempts to search for the 
smurfer? What penalty was provided for this hackers? Does exist some 
legitimate way to establish a lawsuite against them (when they'll be 
located - last is the only matter of qualification for their nearest ISP, 
not more).

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]