North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SMURF amplifier block list
I do not know. I think it's urgent nessecaty to create some method to back-trace any SRC address, realised (at least) by CISCO, because it's clean we are not ready (we - hw. vendors, CEF is too new and unchecked futore and do not work at middle-class routers and access-servers where it's place for the SRC filtering) to make strict src-filtering at the customer-links level. On Sun, 19 Apr 1998 [email protected] wrote: > Date: Sun, 19 Apr 1998 18:48:32 -0400 (EDT) > From: [email protected] > To: "Alex P. Rudnev" <[email protected]> > Cc: Dan Boehlke <[email protected]>, Dean Anderson <[email protected]>, > [email protected] > Subject: Re: SMURF amplifier block list > > Cisco has a method of tracing SMuRF, do they not? Anyone know how they do > it?! Is it some imbedded thing, or do they call the owners of each > network and pray that they have Ciscos? > > On Sat, 18 Apr 1998, Alex P. Rudnev wrote: > > :> What about people who didn't subnet their class B on the eight bit > :> boundry, but made larger subnets instead? What about the class B that > :> doesn't appear to be subnetted at all? What about supernetted class C > :> networks? A trailing .255 can be a valid host. > :And what's worng? If they di nit subnet their B network, the tail of > :address should be .255 too. > : > :If someone have particular .255 host - OK, you should not be able to ping > :it, not more. The small fee for the free-of-smurfing-from-your-network. > : > :> > Why don't use the filter > :> > > :> > deny icmp any 0.0.0.255 255.255.255.0 echo-request > :Just now, USA's ISP seems to be absolutely helpless facing SMURF. A lot > :of networks do not block aroadcast echo-request's; no one even know how > :to trace thos 'echo-request' packets by their network... may be I am > :wrong, and it's because there is _a lot of ISP_ there, and even a few af > :them who do not know how to fight against SMURF compose a good backet - I > :do not know. > : > :Really; does anyone know any sucsessfull attempts to search for the > :smurfer? What penalty was provided for this hackers? Does exist some > :legitimate way to establish a lawsuite against them (when they'll be > :located - last is the only matter of qualification for their nearest ISP, > :not more). > : > : > > -- > Regards, > > Jason A. Lixfeld [email protected] > iDirect Network Operations [email protected] > > --------------------------------------------------------------------- > TUCOWS Interactive Ltd. o/a | "A Different Kind of Internet Company" > Internet Direct Canada Inc. | "FREE BANDWIDTH for Toronto Area IAPs" > 5415 Dundas Street West | http://www.torontointernetxchange.net > Suite 301, Toronto Ontario | (416) 236-5806 (T) > M9B-1B5 CANADA | (416) 236-5804 (F) > --------------------------------------------------------------------- > > Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
|