|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: identify hostname
theoretically speaking. -Taz -- Jonathan "Taz" Mischo -- Network Slave -- [email protected] Mindspring Enterprises, Inc. 1430 W. Peachtree St. Suite 400 Atlanta, GA 30309 1.800.719.4664 x2705 404.287.0770 x2705 fax: 404.287.0885 pager: [email protected] M-F2-10pET On Thu, 3 Dec 1998, Roeland M.J. Meyer wrote: > That won't work for them because you are using the same data to build > filters. In fact, you can do it in a script, automate the whole thing.. > > At 06:29 PM 12/3/98 -0500, Jonathan Mischo wrote: > >this makes sense...until someone gets lazy, and takes a week to filter, > >and the smurf brats catch on, and start querying DNS to find amplifiers. > > > >-Taz > > > >-- > >Jonathan "Taz" Mischo -- Network Slave -- [email protected] > >Mindspring Enterprises, Inc. 1430 W. Peachtree St. Suite 400 > >Atlanta, GA 30309 1.800.719.4664 x2705 404.287.0770 x2705 > >fax: 404.287.0885 pager: [email protected] M-F2-10pET > > > >On Thu, 3 Dec 1998, Roeland M.J. Meyer wrote: > > > >> At 11:32 AM 12/2/98 -0700, Pete Kruckenberg wrote: > >> >> I do have an access list deny for incoming destinations to *.*.*.255 > >> >> since I do know that the only customer we have with larger than a /24 > >> >> from us (via cw.net) also happens to have nothing larger than /26 in > >> >> their network. AFAIK, today, smurfers are only using *.*.*.255. They > >> >> would have to track a lot more information to use others, so for now I > >> >> can generally expect that deny to prevent us from being an amplifier. > >> > > >> >It's not difficult to find subnet broadcast addresses, since few routers > >> >(if they even support it) are configured to filter ICMP replies. If there > >> >isn't already software out there, it will take all of a few hours to add > >> >broadcast-finding code to the smurfing software in existence. > >> > >> Guys, > >> > >> Why not make your down-stream fill out a *complete* IN-ADDR.ARPA file which > >> lists their sub-net bcast and base addresses? That way yo could use the DNS > >> system itself to find those addresses. > >> ___________________________________________________ > >> Roeland M.J. Meyer, ISOC (InterNIC RM993) > >> e-mail: <mailto:[email protected]>[email protected] > >> Internet phone: hawk.mhsc.com > >> Personal web pages: staff<http://www.mhsc.com/~rmeyer>.mhsc.com/~rmeyer > >> Company web-site: <http://www.mhsc.com/>www.mhsc.com > >> ___________________________________________________ > >> Who is John Galt? > >> "Atlas Shrugged" - Ayn Rand > >> > > > > ___________________________________________________ > Roeland M.J. Meyer, ISOC (InterNIC RM993) > e-mail: <mailto:[email protected]>[email protected] > Internet phone: hawk.mhsc.com > Personal web pages: staff<http://www.mhsc.com/~rmeyer>.mhsc.com/~rmeyer > Company web-site: <http://www.mhsc.com/>www.mhsc.com > ___________________________________________________ > Who is John Galt? > "Atlas Shrugged" - Ayn Rand >
|