North American Network Operators Group

Re: SMURF amplifier block list

  • From: Alex P. Rudnev
  • Date: Sat Apr 18 15:07:09 1998

> What about people who didn't subnet their class B on the eight bit 
> boundary, but made larger subnets instead?  What about the class B that 
> doesn't appear to be subnetted at all?  What about supernetted class C 
> networks?  A trailing .255 can be a valid host.
And what's wrong? If they did not subnet their B network, the tail of 
the address should be .255 too.

If someone has a particular .255 host - OK, you should not be able to ping 
it, nothing more. A small fee for the free-of-smurfing-from-your-network.

> > Why don't use the filter
> > 
> >  deny icmp any 0.0.0.255 255.255.255.0 echo-request
Just now, the USA's ISPs seem to be absolutely helpless facing SMURF. A lot 
of networks do not block broadcast echo-requests; no one even knows how 
to trace those 'echo-request' packets by their network... maybe I am 
wrong, and it's because there are _a lot of ISPs_ there, and even a few of 
them who do not know how to fight against SMURF compose a good bucket - I 
do not know. 

Really; does anyone know of any successful attempts to search for the 
smurfer? What penalty was provided for these hackers? Does there exist some 
legitimate way to establish a lawsuit against them (when they are 
located - the latter is only a matter of qualification for their nearest ISP, 
nothing more)?
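
[Added example, not part of the original message.] To see the trade-off argued in this thread, the sketch below checks the quoted filter against the real directed-broadcast address of a few subnets and counts the valid hosts that lose ping as a side effect. It assumes Cisco-style wildcard semantics for `0.0.0.255 255.255.255.0` (bits set in the mask are ignored); the prefixes are constructed samples, and the /26 case goes beyond the subnet sizes discussed in the thread.

```python
import ipaddress

# Destination from the filter quoted in the thread:
#   deny icmp any 0.0.0.255 255.255.255.0 echo-request
# Assumption: address 0.0.0.255 with wildcard 255.255.255.0 (set bits = "don't care").
ACL_ADDR = int(ipaddress.IPv4Address("0.0.0.255"))
ACL_WILD = int(ipaddress.IPv4Address("255.255.255.0"))
CARE = ~ACL_WILD & 0xFFFFFFFF  # only the last octet is compared


def acl_matches(dst):
    """True if the filter would drop an echo-request sent to dst."""
    return (int(ipaddress.IPv4Address(dst)) & CARE) == (ACL_ADDR & CARE)


def audit(prefix):
    """Return (broadcast_blocked, hosts_blocked) for one subnet.

    broadcast_blocked: is the subnet's directed-broadcast address filtered?
    hosts_blocked: valid host addresses that lose ping as a side effect.
    """
    net = ipaddress.ip_network(prefix)
    hosts_blocked = [str(h) for h in net.hosts() if acl_matches(h)]
    return acl_matches(net.broadcast_address), hosts_blocked


if __name__ == "__main__":
    # Constructed sample prefixes (documentation / private ranges).
    for prefix in ("192.0.2.0/24", "10.2.0.0/23", "172.16.0.0/16", "192.0.2.64/26"):
        bcast_blocked, hosts = audit(prefix)
        print(f"{prefix:16} broadcast blocked: {bcast_blocked!s:5} "
              f"hosts losing ping: {len(hosts)}")
```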