0.0.0.0 10.0.4.0 127.0.0.0 255.255.255.0
These are pretty cool, I must say. Exactly how does the smurf attacker route their echo requests to them? Vern
On Thu, Jun 18, 1998 at 10:16:38PM -0700, Vern Paxson wrote:
0.0.0.0 10.0.4.0 127.0.0.0 255.255.255.0
These are pretty cool, I must say. Exactly how does the smurf attacker route their echo requests to them?
Vern
They are straight forged packet flows. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
On Thu, Jun 18, 1998 at 10:16:38PM -0700, Vern Paxson wrote: ==>> 0.0.0.0 ==>> 10.0.4.0 ==>> 127.0.0.0 ==>> 255.255.255.0 ==> ==>These are pretty cool, I must say. Exactly how does the smurf attacker ==>route their echo requests to them? For 0.0.0.0 and 255.255.255.255 (common responses to the echo requests), it's usually due to some network devices which don't check to see if they have a proper IP address before responding. i.e., someone didn't configure their printer with an IP address but it replies anyway. For 127.0.0.1, I generally see this when a UNIX box is the router which forwards the directed-broadcast--it replies to itself with a packet from 127.0.0.1, which is also broken. 10.0.4.0 is certainly interesting, and probably is due to two IP subnets being run on the same wire. /cah
participants (3)
-
Craig A. Huegen
-
Karl Denninger
-
Vern Paxson