North American Network Operators Group


RE: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!

  • From: Dennis Simpson
  • Date: Fri May 01 11:14:59 1998

So that's how we wound up on your list!

Please remove any addresses you have for us. We are quite
diligent about this, and you are most welcome to test us for
smurf sourcing any time. It should definitely not work.

Current addresses:

205.189.200/23
205.210.186/23
206.130.244/23
209.212.32/19

Old addresses we no longer use and will be turning back in
by June:

204.50.247/24
206.107.177/23
206.186.216/23
209.5.14/23
209.50.76/22
209.50.80/22

If you are smurfed by any of our downstreams on any address belonging
to one of our blocks, let us know, and we will take steps to prevent
their being a participant in a smurf attack.

Thx,
dennis

> From: NOC <NOC@mercury.balink.com>
> To: "'Erik Muller'" <nc0773@corp.netcom.com>
> Cc: "'nanog@merit.edu'" <nanog@merit.edu>
> Subject: RE: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
> Date: Thu, 30 Apr 1998 15:44:58 -0400
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> 
> Erik,
> 
> The script I wrote isn't really that smart... It just looks for two IPs
> within the same /24 that were sending some kind of ICMP packet to the
> victim machine.  Since NetFlow logs don't break ICMP down to the type
> and codes, I had to unilaterally make that decision.  If your network is
> clean, I sincerely apologize for any embarrassment or hassle this may
> have caused, and I will remove it from the list.
> 
> Regards,
> Christian
> 
> >-----Original Message-----
> >From:	Erik Muller [SMTP:nc0773@corp.netcom.com]
> >Sent:	Thursday, April 30, 1998 12:14 PM
> >To:	Martin, Christian
> >Subject:	Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
> >
> >
> >> 163.179.230.0
> >
> >This one's mine... the entire /24 is broken down as /30s, and .255 will 
> >respond with nothing more sinister than an ICMP unreachable.  Any details
> >on what results you saw that pointed to this network as an offender would 
> >be appreciated (since I can't see any danger from it).
> >
> 
> >----------------------------------------------------------------------------
> >Erik Muller, Network Engineer                         emuller@noc.netcom.net
> >NETCOM Network Services Support        NETCOM On-Line Communication Services
> >
> >
> >On Wed, 29 Apr 1998, Martin, Christian wrote:
> >
> >> All,
> >> 
> >> Here is my contribution to the block list.  The script that generated
> >> this will follow.  It is 'public domain', in that it can be modified,
> >> BUT, please give credit where credit is due!
> >>
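
The heuristic described in Christian's quoted reply above (two sources in the same /24 sending any ICMP to the victim), as an added example that is not the script posted to the list. The flow-record layout, the function name and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ICMP = 1  # IP protocol number for ICMP

# Constructed flow records: (source, destination, IP protocol).
# As in the thread, the records carry no ICMP type or code, so an echo
# reply and an ICMP unreachable look identical to the heuristic.
FLOWS = [
    ("192.0.2.17",    "203.0.113.9",  ICMP),
    ("192.0.2.201",   "203.0.113.9",  ICMP),
    ("198.51.100.4",  "203.0.113.9",  ICMP),  # only one source in its /24
    ("198.51.100.77", "203.0.113.9",  6),     # TCP, ignored
    ("192.0.2.30",    "203.0.113.50", ICMP),  # different destination
]


def suspect_amplifiers(flows, victim, min_sources=2):
    """Return {/24 network address: sorted sources} for every /24 with at
    least min_sources distinct hosts that sent ICMP to the victim."""
    by_net = defaultdict(set)
    for src, dst, proto in flows:
        if proto != ICMP or dst != victim:
            continue
        # Collapse the source to its enclosing /24, e.g. 192.0.2.17 -> 192.0.2.0
        net = ipaddress.ip_network(f"{src}/24", strict=False)
        by_net[str(net.network_address)].add(src)
    return {
        net: sorted(srcs, key=ipaddress.ip_address)
        for net, srcs in by_net.items()
        if len(srcs) >= min_sources
    }


if __name__ == "__main__":
    for net, srcs in suspect_amplifiers(FLOWS, "203.0.113.9").items():
        print(f"{net}/24 flagged, ICMP sources: {', '.join(srcs)}")
```

Because the match is on protocol alone, a /24 whose hosts only returned ICMP unreachables is flagged the same way as a real amplifier, so each listed network needs confirmation before it is blocked.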