North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

more directed broadcast attacks

  • From: Kelly J. Cooper
  • Date: Fri Mar 27 19:34:02 1998

Something on the order of 100 networks all tried to send as many echo
response packets as possible down a little 56Kb pipe on my network
today (from ~19:00 - 21:00 GMT today, 27 March 1998) and I couldn't 
reach a single network-owning site to get it shut down because ALL of 
the networks abused were in the Asian Pacific area, where it was NOT 
business hours.  So the individual numbers listed with the various 
NICs were useless & the main numbers were rather difficult to find 
and/or parse from the POV of another country.

Needless to say, I did not have any fun today.

And, although it is very tempting to just post the list of networks 
that were abused I decided not to (instead, I contacted our peers who 
are upstream of the various networks and asked them to educate their
downstreams because we've noticed an increase in attacks every time
someone posts a list of vulnerable networks to NANOG).

But I would like to forward this subset of the networks I pulled out 
of my accounting data during the attack and post them here as MY VOTE 
on why using RFC 1918 nets on an exterior net can be a Bad Idea:  

Kelly J.

Kelly J. Cooper     -     Internet Security Officer
GTE Internetworking - Powered by BBN - 800-632-7638 
150 Cambridge Park Drive         Fax - 617-873-5508
Cambridge, MA  02140