North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: update

  • From: Greg A. Woods
  • Date: Sun Sep 24 12:08:13 2000

[ On Saturday, September 23, 2000 at 21:52:52 (-0400), John Fraizer wrote: ]
> Subject: Re: update
> To more specifically answer your question though, I consider it to be less
> intrusive for someone to send an ICMP echo request to the
> broadcast/network address of every CIDR bit boundry of networks on our
> backbone and count the replies than for someone to randomly scan for SMTP
> servers and then subject those servers to a massive relay test.  The SMTP
> testing represents more load on hosts and the network than the SMURF
> testing.

I doubt it.  There's almost certainly more traffic generaged by a smurf
amplifier test than by relay tests over the same networks, especially if
there are indeed smurf amplifiers on that network!  Think about it!

Troy's real answer aside:

The difference is that smurf amplifiers normally only take down IRC,
while spam relayers blast us all!  :-)

hmmm....  that would indicate the response should be the opposite, now
wouldn't it, or is it that more *network* operators use IRC than email? :-)

What would be interesting would be to correlate the amplifier list with
data from a similar true open relay test *scan*.  I'd bet it's high.

							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>