North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical being smurfed?

  • From: Dalvenjah FoxFire
  • Date: Tue Feb 02 22:23:25 1999

So it had to happen. - the site listing all the current
broadcast relays usable in smurf attacks - currently appears to be
getting smurfed.

traceroute to (, 30 hops max, 40 byte packets
 6 (  18 ms  18 ms  20 ms
 7 (  18 ms  21 ms  19 ms
 8 (  34 ms  34 ms *
 9  * (  29 ms  33 ms
10 (  66 ms  69 ms  66 ms
11 (  100 ms  108 ms *
12  * * *

% ping -s
PING 56 data bytes
^C PING Statistics----
2 packets transmitted, 0 packets received, 100% packet loss

% ping -s
PING 56 data bytes
64 bytes from icmp_seq=3. time=491. ms
64 bytes from icmp_seq=7. time=89. ms
---- PING Statistics----
9 packets transmitted, 2 packets received, 77% packet loss
round-trip (ms)  min/avg/max = 89/290/491

% ping -s
PING 56 data bytes
64 bytes from ( icmp_seq=0. time=167. ms
64 bytes from ( icmp_seq=1. time=68. ms
---- PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 68/117/167

Since I can't afford a lawyer to actually go after these negligents who
can't seem to figure out that security is a part of being on the internet,
I'm going to post a small rant here, again.

Folks, it's not that hard to go to (when it's not being smurfed),
enter your subnets, and look to see if they give broadcasts. Heck, you could
even automate it with a simple perl script. Give the task to one of your noc
operators or something. Check your subnets, and your customers' subnets.

And for those big ISPs out there who are getting targetted by smurf attacks,
how about making your lawyers earn their keep and filing suit against the
intermediaries for such things as gross negligence, anticompetitive
practices, etc. etc. (note: I am not a lawyer). Have them get creative;
I'm sure they're bored just sitting around poring over contracts all day.

Talk to your managers. Make it a priority. But GET IT FIXED.

I also advise you to fix the problem now, while the targets are still
everyday users, and not 2 years from now, when Joe Achmed Terrorist
discovers how easy it is to take down the pentagon from a UUnet dialup
or a cable modem. Then, the FBI/CIA/military will come and fix it for you.
(After they fix their own networks, of course }:P ).


P.S. Why am I sending this here? Because despite the fact that everyone on
this list is in theory clueful, all the networks on are
customers of one of the big backbones or another, most of whom seem to have
at least a minor presence on this list. If you have friends or contacts
at backbones or ISPs who don't have a presence on nanog, forward away.
If they are your customers, FIX THEM. You cannot get by with "they are
responsible for their own networks" forever. Someone has to take
responsibility. You should, before someone passes a law to force it
upon you.

 Dalvenjah FoxFire (aka Sven Nielsen) DOS computers are by far the most popular
 Founder, the DALnet IRC Network      worldwide. Macintosh fans, on the other
                                      hand, may note that cockroaches are far
 e-mail: [email protected]            more numerous than humans, and that
 WWW:  numbers alone do not denote a higher
 whois: SN90                          life form.