North American Network Operators Group

Re: update

  • From: John Fraizer
  • Date: Tue Sep 26 18:08:45 2000

On Tue, 26 Sep 2000, John Payne wrote:

> > few surprises for the scanner.  It's NOT an exercise that I recommend.  As
> > a matter of fact, it's quite a BAD idea.
> So why are you advocating scanning for smurf amps?

Sending a single ICMP echo-request to every /30 boundary inside our network
and those of our customers and counting the replies doesn't bother me at
all.  It is about as non-intrusive as you get.  If someone doesn't want
people sending ICMP echo-request to their network, they need to block it
at the borders.  If they do that, even if they have amp nets inside, they
won't be available for abuse from the outside.

For those of us who sell transit, it's not an option to block ICMP at the
border.  Our customers like to be able to do ping tests, blah blah blah.

In any case, I find scanning for SMURF amps and scanning for
vulnerabilities to be quite different.

Liken it to the Gas company driving up and down your street with a sniffer
looking for leaks (SMURF amps) and someone walking up to every house in
the neighborhood with a ladder and testing the second story windows
looking for those that are unlocked.

They are two completely different things and just as scanning for
exploitable holes on our net earns a nasty surprise, walking into my yard
with a ladder and trying my windows will get you shot!

John Fraizer
EnterZone, Inc