Hi. May be, someone will maintain such lists? First, it allow to fix smurf source by 'log' option in the CISCO list; second, it'll prefere some attacks. On Sat, 11 Apr 1998, Karl Denninger wrote:
Date: Sat, 11 Apr 1998 15:25:33 -0500 From: Karl Denninger <karl@mcs.net> To: nanog@merit.edu Subject: SMURF amplifier block list
The following networks and masks are banned from our network at the core due to being smurf amplifiers.
When the folks who own these STOP THIS, we'll take them off the list. Contact me by TELEPHONE if you want to discuss this matter or what a Smurf is and why you should care.
I'm going to start posting the blacklist here weekly in the hopes that peer pressure will cause people to clean up their acts. Until you DO clean up your act, you're not transiting our network - period.
We're not going to accept this kind of vandalism and attractive nuisance any more. If you haven't disabled directed broadcast forwarding, you are a potential listee on this blacklist.
DO IT NOW, or risk connectivity blockades.
I urge all other network providers to block any identified smurf amplifier that they can verify, and to post their list as well.
Only through public pressure can people be forced to CORRECTLY configure their networks to make these attacks impossible to launch.
access-list 2 deny 128.118.0.0 0.0.255.255 access-list 2 deny 129.24.0.0 0.0.255.255 access-list 2 deny 129.111.0.0 0.0.255.255 access-list 2 deny 129.100.0.0 0.0.255.255 access-list 2 deny 128.40.0.0 0.0.255.255 access-list 2 deny 129.101.0.0 0.0.255.255 access-list 2 deny 203.64.0.0 0.0.255.255 access-list 2 deny 129.115.0.0 0.0.255.255 access-list 2 deny 203.108.225.0 0.0.0.255 access-list 2 deny 129.60.0.0 0.0.255.255 access-list 2 deny 137.79.0.0 0.0.255.255 access-list 2 deny 130.37.0.0 0.0.255.255 access-list 2 deny 130.70.0.0 0.0.255.255 access-list 2 deny 203.108.236.0 0.0.0.255 access-list 2 deny 132.169.0.0 0.0.255.255 access-list 2 deny 129.107.0.0 0.0.255.255 access-list 2 deny 129.49.0.0 0.0.255.255 access-list 2 deny 129.96.0.0 0.0.255.255 access-list 2 deny 130.65.0.0 0.0.255.255 access-list 2 deny 134.205.0.0 0.0.255.255 access-list 2 deny 129.29.0.0 0.0.255.255 access-list 2 deny 204.48.224.0 0.0.0.255 access-list 2 deny 205.177.49.0 0.0.0.255 access-list 2 deny 204.47.208.0 0.0.0.255 access-list 2 deny 204.242.172.0 0.0.0.255 access-list 2 deny 194.6.129.0 0.0.0.255 access-list 2 deny 206.31.78.0 0.0.0.255 access-list 2 deny 207.211.60.0 0.0.0.255 access-list 2 deny 206.27.242.0 0.0.0.255 access-list 2 deny 207.175.67.0 0.0.0.255
I'm sure there are more, but these are the ones blacklisted in our network configuration right now.
-- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)