North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
Erik, The script I wrote isn't really that smart... It just looks for two IP's within the same /24 that were sending some kind of ICMP packet to the victim machine. Since NetFlow logs don't break ICMP down to the type and codes, I had to unilaterally make that decision. If your network is clean, I sincerely apologize for any embarrassment or hassle this may have caused, and I will remove it from the list. Regards, Christian >-----Original Message----- >From: Erik Muller [SMTP:[email protected]] >Sent: Thursday, April 30, 1998 12:14 PM >To: Martin, Christian >Subject: Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!! > > >> 163.179.230.0 > >This one's mine... the entire /24 is broken down as /30s, and .255 will >respond with nothing more sinister than an ICMP unreachable. Any details >on what results you saw that pointed to this network as an offender would >be appreciated (since I can't see any danger from it). > >---------------------------------------------------------------------------- >Erik Muller, Network Engineer [email protected] >NETCOM Network Services Support NETCOM On-Line Communication Services > > >On Wed, 29 Apr 1998, Martin, Christian wrote: > >> All, >> >> Here is my contribution to the block list. The script that generated >> this will follow. It is 'public domain', in that it can be modified, >> BUT, please give credit where credit is due! >>
|