Home page logo

nanog logo nanog mailing list archives

Re: Network Operators and smurf
From: darcy () druid net (D'Arcy J.M. Cain)
Date: Sun, 26 Apr 1998 23:34:46 -0400 (EDT)

Thus spake Karl Denninger
I will remove those blocks when I can PROVE that they can no longer be used
as a smurf amplifier.  To date, NOBODY on the list has come forward and said
"we've audited and fixed, please remove the block".

I have got one site to fix their routers.  It's the DISA Information Systems
Center on netblock  I explained the situation and gave them
a few pointers.  A few days laterthey had fixed it and they no longer
act as an amplifier.  Very satisfying.

Another one,, bounced my email but they seem to have fixed
their routers anyway.  Perhaps someone local called them up and harrassed
them about it.  

PSU (which is on the list) said "we're looking into it" but that was more
than two weeks ago! How long does it take to telnet into your routers and
check the ethernet interfaces for the correct configuration?  A day or so?
Perhaps, even if you have a HUGE netwokr.

Perhaps when pointing at problem networks, just mention the netblock.
That way we can compare it with our own lists.

Here's one that seems particularly troublesome and I know it is in your
list as well.

---- PING Statistics----
2 packets transmitted, 2 packets received, +110 duplicates, 0% packet loss
In Karl's list
descr:       University of Texas at San Antonio
descr:       7000 NW Loop 1604
descr:       San Antonio
descr:       TX 78285, USA
origin:      AS3354
comm-list:   COMM_NSFNET
advisory:    AS690 1:1800 2:1239
mnt-by:      MAINT-AS3354
changed:     selina () ans net 951010
source:      RADB

University of Texas at San Antonio (UTSA-DOM)
   Computing Resources  
   7000 NW Loop 1604
   San Antonio, TX 78285
   Domain Name: UTSA.EDU
   Administrative Contact:
      Massey, John  (JM828)  CRJWM () UTSA86 UTSA EDU
      (512) 691-4555 
   Technical Contact, Zone Contact:
      Dominguez, Joaquin  (JD386)  3CRJXD () UTSA86 UTSA EDU
      (512) 691-4555

   Record last updated on 09-Sep-93.
   Record created on 14-Dec-90.
   Database last updated on 15-Apr-98 03:43:36 EDT.

   Domain servers in listed order:


Looks to me like they have been running on autopilot for 5 years.  I
sent email to the contact addresses and, since I had doubts that they
were valid addresses, I copied root and hostmaster.  Root and hostmaster
bounced and the others seem to have been completely ignored.  Perhaps
someone closer to them can poke around and see what the situation is.

This is great because each success has a significant overall effect.

D'Arcy J.M. Cain <darcy () {druid|vex}.net>   |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 424 2871     (DoD#0082)    (eNTP)   |  what's for dinner.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]