Here's the latest group of smurf-able networks. Note some cool, high-connectivity networks are on here, like Bay Networks. At least one was still active on mae-west, if you can believe it. I've filed trouble tickets with each of the network's NSP's that are on here. Operators, please check to see if a network you advertise is on this list. If it is, please set no ip directed broadcast on the lan interfaces (or get your customers to do it, as appropriate). Some of the phone calls were interesting. Many of the NOC staff did not know what a smurf attack was (so I explained it to them). Many did not want to set no ip directed-broadcast because they didn't know what it would do. Most were helpful, however, called back in a timely fashion, and had their interfaces configured quickly. 128.139.0.0 132.166.0.0 132.169.0.0 132.202.0.0 132.226.0.0 132.229.0.0 132.248.0.0 132.74.0.0 132.77.0.0 132.79.0.0 132.80.0.0 132.87.0.0 134.120.0.0 134.121.0.0 134.177.0.0 134.205.0.0 134.39.0.0 134.57.0.0 134.59.0.0 134.74.0.0 134.82.0.0 134.87.0.0 136.205.0.0 138.210.0.0 138.231.0.0 138.28.0.0 138.73.0.0 139.181.0.0 139.223.0.0 139.51.0.0 139.70.0.0 139.91.0.0 140.185.0.0 148.132.0.0 148.144.0.0 148.59.0.0 149.35.0.0 192.93.124.0 198.32.136.0 198.118.128.0 199.209.166.0 -- Dave Rand dlr@bungi.com http://www.bungi.com
It's not bad idea to catch packets TO this broadcast address and bell the alarm rings (HACKER HERE) in case if this packets appear. On Sun, 8 Mar 1998, Dave Rand wrote:
Date: Sun, 8 Mar 1998 11:09:54 PST From: Dave Rand <dlr@bungi.com> To: nanog@merit.edu Subject: More smurf fun
Here's the latest group of smurf-able networks. Note some cool, high-connectivity networks are on here, like Bay Networks. At least one was still active on mae-west, if you can believe it.
I've filed trouble tickets with each of the network's NSP's that are on here. Operators, please check to see if a network you advertise is on this list. If it is, please set no ip directed broadcast on the lan interfaces (or get your customers to do it, as appropriate).
Some of the phone calls were interesting. Many of the NOC staff did not know what a smurf attack was (so I explained it to them). Many did not want to set no ip directed-broadcast because they didn't know what it would do. Most were helpful, however, called back in a timely fashion, and had their interfaces configured quickly.
128.139.0.0 132.166.0.0 132.169.0.0 132.202.0.0 132.226.0.0 132.229.0.0 132.248.0.0 132.74.0.0 132.77.0.0 132.79.0.0 132.80.0.0 132.87.0.0 134.120.0.0 134.121.0.0 134.177.0.0 134.205.0.0 134.39.0.0 134.57.0.0 134.59.0.0 134.74.0.0 134.82.0.0 134.87.0.0 136.205.0.0 138.210.0.0 138.231.0.0 138.28.0.0 138.73.0.0 139.181.0.0 139.223.0.0 139.51.0.0 139.70.0.0 139.91.0.0 140.185.0.0 148.132.0.0 148.144.0.0 148.59.0.0 149.35.0.0 192.93.124.0 198.32.136.0 198.118.128.0 199.209.166.0
-- Dave Rand dlr@bungi.com http://www.bungi.com
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
participants (2)
-
Alex P. Rudnev
-
dlr@bungi.com