North American Network Operators Group

Re: Another major smurf run
David,

Sorry for the flood of email. I attempted to write a script to parse cisco syslogs of a smurf attack and automatically mail contacts listed in rwhois--looks like it doesn't work so well, particularly in the case of APNIC and RIPE blocks. I will stop using it. If anyone has something that works better, I'd love to get a copy.

David R. Conrad writes:
> Due to the unfortunate inability for some ISPs to read statements like:
>
>    *** please refer to whois.apnic.net for more information ***
>    *** before contacting APNIC ***
>
> I have been receiving quite a few demands to fix "my" smurf amplifying
> networks (in particular, one Jon Lusky <[email protected]> has
> been daily sending me a note containing the entirety of Craig's document
> for each of the APNIC delegated networks that shows up in your list. There
> are (sadly, far too many) others, but usually when I send back the canned
> "APNIC is a registry, check here for more information" message, they get
> the hint. Mr. Lusky is apparently "special").
>
> Would it be possible to hit APNIC's whois server for addresses in the APNIC
> blocks (202/7, 210/7, 61/8) before installing them in your web page?
>
> Thanks,
> -drc

--
Jonathan R. Lusky | Voyager Online, LLC
Director of Network Operations | (423) 209-2929
[email protected] | Unlimited PPP $19.95/mo
http://www.hotrod.com | http://www.voyageronline.net