North American Network Operators Group
Re: SMURF amplifier block list
In article <Pine.BSI.firstname.lastname@example.org>, Michael Dillon <email@example.com> wrote:
> If Karl will supply us the IP address of a non-critical machine in his
> network then we only need one list maintained. Anyone can then add new
> networks to Karl's list simply by smurfing his non-critical machine and it
> will still meet his criteria of a verified attack.

Careful. I could, from a well-connected machine, launch a stream of forged ICMP echo replies from various 199.166.227.x addresses. This would cause it to look like junction.net was the source of a smurf, and cause them to be blocked.

Well, in the case of junction.net, there is no such forgery needed.

~$ host www.memra.com
www.memra.com A 18.104.22.168
~$ ping 22.214.171.124
PING 126.96.36.199 (188.8.131.52): 56 data bytes
64 bytes from 184.108.40.206: icmp_seq=0 ttl=243 time=110.2 ms
64 bytes from 220.127.116.11: icmp_seq=0 ttl=51 time=111.0 ms (DUP!)
64 bytes from 18.104.22.168: icmp_seq=0 ttl=242 time=112.2 ms (DUP!)
64 bytes from 22.214.171.124: icmp_seq=0 ttl=51 time=112.8 ms (DUP!)
64 bytes from 126.96.36.199: icmp_seq=0 ttl=51 time=113.7 ms (DUP!)
64 bytes from 188.8.131.52: icmp_seq=0 ttl=51 time=114.3 ms (DUP!)
64 bytes from 184.108.40.206: icmp_seq=0 ttl=51 time=115.0 ms (DUP!)
64 bytes from 220.127.116.11: icmp_seq=0 ttl=51 time=115.7 ms (DUP!)
64 bytes from 18.104.22.168: icmp_seq=0 ttl=242 time=116.4 ms (DUP!)
64 bytes from 22.214.171.124: icmp_seq=0 ttl=51 time=117.0 ms (DUP!)
64 bytes from 126.96.36.199: icmp_seq=0 ttl=242 time=117.7 ms (DUP!)
64 bytes from 188.8.131.52: icmp_seq=0 ttl=51 time=118.3 ms (DUP!)
64 bytes from 184.108.40.206: icmp_seq=0 ttl=242 time=119.0 ms (DUP!)
--- 220.127.116.11 ping statistics ---
1 packets transmitted, 1 packets received, +12 duplicates, 0% packet loss
round-trip min/avg/max = 110.2/114.8/119.0 ms

-- 
Shields, CrossLink.
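An added example, not part of the original post: a parser for ping output in the format shown above that reports how many replies one echo request drew, for an operator checking whether their own network answers as an amplifier. The sample output is constructed (192.0.2.0/24 documentation addresses), and the `is_amplifier` threshold of 2.0 is an assumed policy.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the ping output above; addresses are
# from the 192.0.2.0/24 documentation range, not from the original post.
SAMPLE = """\
PING 192.0.2.255 (192.0.2.255): 56 data bytes
64 bytes from 192.0.2.1: icmp_seq=0 ttl=243 time=110.2 ms
64 bytes from 192.0.2.7: icmp_seq=0 ttl=51 time=111.0 ms (DUP!)
64 bytes from 192.0.2.9: icmp_seq=0 ttl=242 time=112.2 ms (DUP!)
64 bytes from 192.0.2.7: icmp_seq=0 ttl=51 time=112.8 ms (DUP!)
--- 192.0.2.255 ping statistics ---
1 packets transmitted, 1 packets received, +3 duplicates, 0% packet loss
"""

REPLY = re.compile(r"^\d+ bytes from (\S+): icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms( \(DUP!\))?$")
STATS = re.compile(r"^(\d+) packets transmitted, (\d+) packets received(?:, \+(\d+) duplicates)?")

def summarize(text):
    """Return reply counts and an amplification factor for one ping run."""
    replies = defaultdict(list)   # icmp_seq -> [(source, ttl, is_dup)]
    sent = reported_dups = None
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if m:
            replies[int(m.group(2))].append((m.group(1), int(m.group(3)), bool(m.group(5))))
            continue
        m = STATS.match(line.strip())
        if m:
            sent, reported_dups = int(m.group(1)), int(m.group(3) or 0)
    flat = [r for v in replies.values() for r in v]
    dups = sum(1 for r in flat if r[2])
    return {
        "sent": sent,
        "replies": len(flat),
        "duplicates": dups,
        "responders": len({r[0] for r in flat}),
        "distinct_ttls": len({r[1] for r in flat}),
        # Replies received per echo request sent; 1.0 means no amplification.
        "amplification": len(flat) / sent if sent else None,
        # Sanity check: counted DUP lines must match ping's own summary line.
        "consistent": reported_dups == dups,
    }

def is_amplifier(summary, threshold=2.0):
    """Hypothetical policy: flag when one request draws >= threshold replies."""
    return bool(summary["amplification"]) and summary["amplification"] >= threshold
```

Because ping prints only replies it matched to a request it sent, this measurement comes from the operator's own probe rather than from unsolicited echo replies arriving at a victim.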