Re: Smurf Prevention

13 Jul 1998

      On Tue, 14 Jul 1998, Richard Thomas wrote:
...
...
threat.  But after having tried to track down smurfers, I'm wondering if
anyone has ever actually done it.  I would think you would have to either
I've never heard of a smurfer being caught by anybody trying to help the
entity being smurfed (yet). 

I have, however, stumbled over a compromised linux box that was used to
initiate what i believe might be a significant amount of smurf attacks
over the last couple of weeks.  Here are some extracts from the .histroy
of the user in question (who had root access and could send forged
packets) 

Perhaps someone here knows any of the possible victims being listed below?
I do have the name and address of at least one of the hackers who abused
this box.  (the guy was supposedly fired by his now ex-employer after we
presented evidence of him being involved in this, and we have good contact
info on him). 

smurf  206.124.26.47 bcast 0 0 1024
smurf  209.184.27.6 bcast 0 0 1024
smurf #christianteens.net 0 0 1024
smurf 12.64.4.213 0 0 1024
smurf 12.64.4.213 0 0 1024
smurf 12.64.4.213 bcast 0 0 1024
smurf 12.64.64.158 bcast 0 0 1024
smurf 128.113.85.160 bcast 0 0 1024
smurf 152.167.88.8 bcast 0 0 1024
smurf 203.32.78.10 bcast 0 0 1024
smurf 204.216.6.38 bcast 0 0 1024
smurf 204.216.6.38 bcast 0 0 1024
smurf 205.218.84.128 bcast 0 0 1024
smurf 205.218.84.128 bcast 0 0 1024
smurf 205.218.84.129 0 0 1024
smurf 205.218.84.129 bcast 0 0 1024
smurf 205.218.84.129 bcast 0 0 1024
smurf 206.173.18.86 bcast 0 0 1024
smurf 206.210.95.2 bcast 0 0 1024
smurf 206.210.95.32 bcast 0 0 1024
smurf 206.210.95.44 bcast 0  0 1024
smurf 206.210.95.44 bcast 0 0 1024
smurf 206.210.95.44 bcast 0 0 1024
smurf 206.210.95.45 bcast 0 0 1024
smurf 206.210.95.8 bcast 0 0 1024
smurf 206.210.95.8 mcast 0 0 1024
smurf 206.230.144.93 bcast 0 0 1024
smurf 206.251.7.30 mcast 0 0 1024
smurf 207.173.206.157 bcast 0 0 1024
smurf 207.199.190.223 bcast 0 0 1024
smurf 207.213.242.119 bcast 0 0 1024
smurf 207.213.242.119 bcast 0 0 1024
smurf 207.213.242.119 bcast 0 0 1024
smurf 207.213.242.119 bcast 0 0 1024
smurf 207.213.242.119 bcast 0 0 1024
smurf 207.220.136.72 0 0 1024
smurf 207.220.136.72 bcast 0 0 1024
smurf 209.48.94.22 bcast 0 0 1024
smurf 209.84.188.55 bcast 0 0 1024
smurf 210.157.0.22 bcast 0 0 1024
smurf 210.157.0.22 bcast 0 0 1024
smurf 210.157.0.22 bcast 0 0 1024
smurf 210.157.0.22 bcast 0 0 1500
smurf 24.64.80.123 bcast  0 0 1024

Oystein Homelien                  |  oystein@powertech.no
PowerTech Information Systems AS  |  http://www.powertech.no/
Nedre Slottsgate 5, N-0157 OSLO   |  tel: +47-23-010-010, fax: +47-2220-0333