North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: netscan.org update
[ On Saturday, September 23, 2000 at 21:52:52 (-0400), John Fraizer wrote: ] > Subject: Re: netscan.org update > > To more specifically answer your question though, I consider it to be less > intrusive for someone to send an ICMP echo request to the > broadcast/network address of every CIDR bit boundry of networks on our > backbone and count the replies than for someone to randomly scan for SMTP > servers and then subject those servers to a massive relay test. The SMTP > testing represents more load on hosts and the network than the SMURF > testing. I doubt it. There's almost certainly more traffic generaged by a smurf amplifier test than by relay tests over the same networks, especially if there are indeed smurf amplifiers on that network! Think about it! Troy's real answer aside: The difference is that smurf amplifiers normally only take down IRC, while spam relayers blast us all! :-) hmmm.... that would indicate the response should be the opposite, now wouldn't it, or is it that more *network* operators use IRC than email? :-) What would be interesting would be to correlate the amplifier list with data from a similar true open relay test *scan*. I'd bet it's high. -- Greg A. Woods +1 416 218-0098 VE3TCP <[email protected]> <robohack!woods> Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>
|