Something on the order of 100 networks all tried to send as many echo response packets as possible down a little 56Kb pipe on my network today (from ~19:00 - 21:00 GMT today, 27 March 1998) and I couldn't reach a single network-owning site to get it shut down because ALL of the networks abused were in the Asian Pacific area, where it was NOT business hours. So the individual numbers listed with the various NICs were useless & the main numbers were rather difficult to find and/or parse from the POV of another country. Needless to say, I did not have any fun today. And, although it is very tempting to just post the list of networks that were abused I decided not to (instead, I contacted our peers who are upstream of the various networks and asked them to educate their downstreams because we've noticed an increase in attacks every time someone posts a list of vulnerable networks to NANOG). But I would like to forward this subset of the networks I pulled out of my accounting data during the attack and post them here as MY VOTE on why using RFC 1918 nets on an exterior net can be a Bad Idea: 10.15.1.254 10.21.1.11 10.21.1.90 10.21.1.191 10.21.1.193 10.21.1.195 10.21.1.196 10.21.1.197 10.21.1.199 10.21.1.200 10.21.1.201 10.21.1.202 10.21.1.203 10.21.1.205 10.21.1.206 10.21.1.207 10.21.1.208 10.21.1.209 10.21.2.53 10.21.2.100 127.0.0.2 172.16.31.3 172.16.31.10 172.16.31.11 172.16.31.249 172.16.71.11 172.16.71.12 172.16.71.180 192.168.1.1 Regards, Kelly J. -- Kelly J. Cooper - Internet Security Officer GTE Internetworking - Powered by BBN - 800-632-7638 150 Cambridge Park Drive Fax - 617-873-5508 Cambridge, MA 02140 http://www.bbn.com