1Cust76.tnt1.sfo2.da.
Id say that looks like uunet. Again. Sigh.
UUnet uses ascend TNT's which they claim you cant filter directed-broadcast on. Ive ranted at them since October 20 to get this serious security hole closed. If they can't turn this off on ascend access server, they anyway can filter out broadcast addresses in their border routers (CISCO's) forwarding traffic to this access servers. The result is (almost) the same.
I've been yelling at them about that as well as not being able or willing to reverse trace spoof attacks. This attack, however, would not have been stopped by such filters, this is just the address that someone used to break into a server with.
Thanks for your help.
Brandon Ross Network Engineering 404-815-0770 800-719-4664 Director, Network Engineering, MindSpring Ent., Inc. info@mindspring.com ICQ: 2269442
Stop Smurf attacks! Configure your router interfaces to block directed broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)