mailing list archives
Re: SMURF amplifier block list
From: "Alex P. Rudnev" <alex () Relcom EU net>
Date: Sat, 18 Apr 1998 22:44:56 +0400 (MSD)
What about people who didn't subnet their class B on the eight bit
boundry, but made larger subnets instead? What about the class B that
doesn't appear to be subnetted at all? What about supernetted class C
networks? A trailing .255 can be a valid host.
And what's worng? If they di nit subnet their B network, the tail of
address should be .255 too.
If someone have particular .255 host - OK, you should not be able to ping
it, not more. The small fee for the free-of-smurfing-from-your-network.
Why don't use the filter
deny icmp any 0.0.0.255 255.255.255.0 echo-request
Just now, USA's ISP seems to be absolutely helpless facing SMURF. A lot
of networks do not block aroadcast echo-request's; no one even know how
to trace thos 'echo-request' packets by their network... may be I am
wrong, and it's because there is _a lot of ISP_ there, and even a few af
them who do not know how to fight against SMURF compose a good backet - I
do not know.
Really; does anyone know any sucsessfull attempts to search for the
smurfer? What penalty was provided for this hackers? Does exist some
legitimate way to establish a lawsuite against them (when they'll be
located - last is the only matter of qualification for their nearest ISP,