-----Original Message----- From: Brian Horvitz <horvitz@shore.net> To: Richard Thomas <buglord@ex-pressnet.com> Cc: nanog@merit.edu <nanog@merit.edu> Date: Wednesday, July 22, 1998 2:51 PM Subject: Re: Smurfable Networks

Actually, it turns out that a some of what I posted were only echo replies from single hosts. This was indeed a real smurf..at one point we were pulling about 50 Meg over 3 T3s. The error I made was in generating the list of amplifier networks from my log files. Networks with even one single echo reply to the target address were included in the list. Such was the case with the net 12 entries - each one corresponded only to one IP address, not a whole network worth.

I tried about 30 from the list and didn't get a single dupe, but anyhow, check out SmurfLog v1.1 available at http://www.sy.net/security by yours truly, a much better way to gather only the guilty without generating 2 gig log files in the process.