Home page logo

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: "Alex P. Rudnev" <alex () Relcom EU net>
Date: Mon, 20 Apr 1998 15:21:20 +0400 (MSD)

I do not know. I think it's urgent nessecaty to create some method to 
back-trace any SRC address, realised (at least) by CISCO, because it's 
clean we are not ready (we - hw. vendors, CEF is too new and unchecked 
futore and do not work at middle-class routers and access-servers where 
it's place for the SRC filtering) to make strict src-filtering at the 
customer-links level.

On Sun, 19 Apr 1998 jlixfeld () idirect ca wrote:

Date: Sun, 19 Apr 1998 18:48:32 -0400 (EDT)
From: jlixfeld () idirect ca
To: "Alex P. Rudnev" <alex () Relcom EU net>
Cc: Dan Boehlke <dboehlke () mr net>, Dean Anderson <dean () av8 com>,
    nanog () merit edu
Subject: Re: SMURF amplifier block list

Cisco has a method of tracing SMuRF, do they not?  Anyone know how they do
it?!  Is it some imbedded thing, or do they call the owners of each
network and pray that they have Ciscos?

On Sat, 18 Apr 1998, Alex P. Rudnev wrote:

:> What about people who didn't subnet their class B on the eight bit 
:> boundry, but made larger subnets instead?  What about the class B that 
:> doesn't appear to be subnetted at all?  What about supernetted class C 
:> networks?  A trailing .255 can be a valid host.
:And what's worng? If they di nit subnet their B network, the tail of 
:address should be .255 too.
:If someone have particular .255 host - OK, you should not be able to ping 
:it, not more. The small fee for the free-of-smurfing-from-your-network.
:> > Why don't use the filter
:> > 
:> >  deny icmp any echo-request
:Just now, USA's ISP seems to be absolutely helpless facing SMURF. A lot 
:of networks do not block aroadcast echo-request's; no one even know how 
:to trace thos 'echo-request' packets by their network... may be I am 
:wrong, and it's because there is _a lot of ISP_ there, and even a few af 
:them who do not know how to fight against SMURF compose a good backet - I 
:do not know. 
:Really; does anyone know any sucsessfull attempts to search for the 
:smurfer? What penalty was provided for this hackers? Does exist some 
:legitimate way to establish a lawsuite against them (when they'll be 
:located - last is the only matter of qualification for their nearest ISP, 
:not more).


Jason A. Lixfeld             jlixfeld () idirect ca
iDirect Network Operations   jlixfeld () torontointernetxchange net

TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West      | http://www.torontointernetxchange.net
Suite 301, Toronto Ontario   | (416) 236-5806      (T)
M9B-1B5 CANADA               | (416) 236-5804        (F)

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]