Whew. I actaully did the right think when I put up my filter and did the network addresses aswell. Yippie!! I was proactive! =) On Mon, 20 Apr 1998, Brandon Ross wrote: :On Sun, 19 Apr 1998, Jeremiah Kristal wrote: : :> On Sat, 18 Apr 1998, Alex P. Rudnev wrote: > :> :> I know that this week there was a smurf attack that was tracked to the :> source. I'm not sure what will happen to him. Hopefully someone from the :> NOC that caught him will let us know. : :That was us, and we do plan on prosecuting. We're in the process of :collecting information now. : :Something that happened during this attack should be a great concern to :all of us. In addition to the usual broadcast addresses being used as :amplifiers for this smurf attack, the attacker also used network :addresses. It seems that many stacks and routers will respond to a :packet with a network address in the same way as a broadcast address. : :Luckily Cisco's "no ip directed-broadcast" already took that into account :and blocks those packets, however, if you don't have a Cisco and are :having to configure manual filters to avoid being an amplifier site, you :_must_ filter out network addresses as well as broadcast addresses. : :Please, spread the word. : :P.S. I'd like to publicly thank Icon, Digex, and BBN as well as the EPA :(yes folks, the Environmental Protection Agency, they were being used as :an amplifier in this attack) for their help in tracing this attack to the :source. : :Brandon Ross Network Engineering 404-815-0770 800-719-4664 :Director, Network Engineering, MindSpring Ent., Inc. info@mindspring.com :Mosher's Law of Software Engineering: Don't worry if it doesn't work :right. If everything did, you'd be out of a job. : : -- Regards, Jason A. Lixfeld jlixfeld@idirect.ca iDirect Network Operations jlixfeld@torontointernetxchange.net --------------------------------------------------------------------- TUCOWS Interactive Ltd. o/a | "A Different Kind of Internet Company" Internet Direct Canada Inc. | "FREE BANDWIDTH for Toronto Area IAPs" 5415 Dundas Street West | http://www.torontointernetxchange.net Suite 301, Toronto Ontario | (416) 236-5806 (T) M9B-1B5 CANADA | (416) 236-5804 (F) ---------------------------------------------------------------------