North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Solution: Re: Huge smurf attack
> On Mon, 11 Jan 1999, Dan Hollis wrote: > > > Or perhaps someone would like to take a proactive approach at scanning for > > smurfable networks and closing them before the script kiddies find them? > > There are at least 2 different teams already doing this. The trouble is, > who has the authority to disconnect smurf amp networks? Nobody, > really...but the reality is that if an RBL-like system were setup for You can public the access list for outgoing links discarding initial packets to this amlifyer, A lot of ISP are ready to install such lists. Or the other idea - if someone install BGP anouncing this addresses as the /32 hosts (like RBL does for spam relays) anyone can block this addresses to NULL and avoid attempts to run smurf from their customers. > smurf amp networks, and if some of the larger backbones subscribed to it, > smurf amp networks would get fixed real fast. > > Can any of the readers working for backbones (like UUNet, Sprint, C&W) > speak up and tell us if there's a chance in hell their networks would > subscribe to such a service? It's of great interest. Through, pay attention to: (1) to call 'smurf' broken servers are used; (2) most of such servers are in non-commercial networks (scientific, for example); (3) such networks often have their own peering relations instead of using UUnet and other monsters for the service. > > ----don't waste your cpu, crack rc5...www.distributed.net team enzo--- > Jon Lewis <[email protected]> | Spammers will be winnuked or > Network Administrator | nestea'd...whatever it takes > Florida Digital Turnpike | to get the job done. > ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key________ > > Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
|