Karl, While I applaud your efforts, think it is the right the to do (given a lack of action on the part of ISPs responsible and the damage smurf attacks can cause), I have one (hopefully minor) request: Due to the unfortunate inability for some ISPs to read statements like: *** please refer to whois.apnic.net for more information *** *** before contacting APNIC *** I have been receiving quite a few demands to fix "my" smurf amplifying networks (in particular, one Jon Lusky <lusky@earth.voyageronline.net> has been daily sending me a note containing the entirety of Craig's document for each of the APNIC delegated networks that shows up in your list. There are (sadly, far too many) others, but usually when I send back the canned "APNIC is a registry, check here for more information" message, they get the hint. Mr. Lusky is apparently "special"). Would it be possible to hit APNIC's whois server for addresses in the APNIC blocks (202/7, 210/7, 61/8) before installing them in your web page? Thanks, -drc At 06:13 PM 5/5/98 -0500, Karl Denninger wrote:
Hi Folks,
If you're monitoring my page on this, you want to take a look in another 10-15 minutes.
We were just hit by another major smurf attack, and I captured over a dozen new prefixes (which got added to our "bite me" list).
http://www.mcs.net/smurf (update in process right now; give it 10-15 minutes)
-- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost