North American Network Operators Group

Re: SMURF amplifier block list
On Sun, Apr 12, 1998 at 12:35:44PM -0700, Craig A. Huegen wrote:
> On Sun, 12 Apr 1998, Alex P. Rudnev wrote:
>
> ==>Remember, these intruders use small ISPs as their service providers, not
> ==>huge MCI or SPRINT.
>
> Actually, the majority of these people use compromised root accounts in
> educational institutions, educational residence halls w/ Ethernet,
> enterprises w/o decent firewalls, and co-location machines.
>
> There are lists which exist of over 200-300 compromised root accounts and
> access capabilities from which someone can launch an attack.
>
> /cah

Yep.

But the point still remains that if you can't get the traffic out of the source network a smurf attempt doesn't work.

Those "educational" sites which allow residence hall connections to launch this kind of thing deserve to be permanently black-holed from the Internet until they fix things.

And yes, I know this means they'll have to spend money. Tough cookies. This is NOT an unsolvable problem (I can solve it with a $1,000 PC running IPFW between the residence hall Ethernet and the rest of the campus, or a few statements in a CISCO config) so people saying it's an intractable problem are lying. Period.

--
Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/              | T1's from $600 monthly / All Lines K56Flex/DOV
                                 | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]    | EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]         | *SPAMBLOCK* Technology now included at no cost
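The source-address filter the message describes placing between the residence hall Ethernet and the rest of the campus, as an added example that is not part of the original post or anyone's production config. The prefix 192.0.2.0/24, the interface names `dorm0` and `campus0`, the rule numbers and the sample packets are all assumptions constructed for illustration.

```python
"""Added example: source-address validation at the residence-hall edge.
All prefixes, interface names and packets below are constructed."""
import ipaddress
from dataclasses import dataclass

# Assumption: the residence hall Ethernet uses this documentation prefix.
DORM_NET = ipaddress.ip_network("192.0.2.0/24")
DORM_IF = "dorm0"  # hypothetical name of the filter interface facing the dorm

@dataclass(frozen=True)
class Packet:
    in_if: str  # interface the packet arrived on
    src: str
    dst: str
    proto: str

def egress_verdict(pkt: Packet) -> str:
    """Pass traffic arriving from the dorm only if its source is a dorm address."""
    if pkt.in_if != DORM_IF:
        return "pass"  # this filter only polices the dorm side
    if ipaddress.ip_address(pkt.src) in DORM_NET:
        return "pass"
    return "drop"  # forged source: the packet never reaches the campus

def ipfw_rules(first_rule: int = 1000) -> list:
    """The same policy written as ipfw rule text (rule numbers are arbitrary)."""
    return [
        f"ipfw add {first_rule} allow ip from {DORM_NET} to any in via {DORM_IF}",
        f"ipfw add {first_rule + 10} deny log ip from any to any in via {DORM_IF}",
    ]

# Constructed traffic: an ordinary dorm packet, a smurf-style echo request that
# forges the victim (198.51.100.7) as its source, and a reply from the campus.
SAMPLE = [
    Packet(DORM_IF, "192.0.2.44", "203.0.113.10", "tcp"),
    Packet(DORM_IF, "198.51.100.7", "203.0.113.255", "icmp"),
    Packet("campus0", "203.0.113.10", "192.0.2.44", "tcp"),
]

def run(packets=SAMPLE):
    return [(p.src, p.dst, egress_verdict(p)) for p in packets]

if __name__ == "__main__":
    for src, dst, verdict in run():
        print(f"{verdict:4} {src} -> {dst}")
    print("\n".join(ipfw_rules()))
```

The `deny log` rule also leaves a record of which dorm port is emitting forged sources, which is where the cleanup starts.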