On Mon, 13 Jul 1998, Richard Thomas wrote:
-----Original Message-----
From: Joe Shaw <jshaw@insync.net>
To: Richard Thomas <buglord@ex-pressnet.com>
Cc: nanog@merit.edu <nanog@merit.edu>
Date: Monday, July 13, 1998 10:44 AM
Subject: Re: Smurf Prevention

HOW HARD CAN IT BE to take care of 500 broadcasts?

Very hard, since the only bcasts still left are those with broken contact information and upstreams who haven't been informed or who don't give a damn. Maybe if we all picked 10 of the worst offenders every day, picked up the phone, and started informing people who have missed the boat...
I'm still quite fond of blackholing entities which are completely irresponsible, though for the larger carriers this wouldn't be much of a threat. But after having tried to track down smurfers, I'm wondering if anyone has ever actually done it. I would think you would have to either get in touch with a smurf amplifier or their upstream to track the DoS, but how successful has anyone been in doing so? I would think that since smurfs have been popular amongst the script kiddies for so long that all the entities that are easy to get in touch with have already heard from victims and hopefully fixed the situation. Also, I wonder if there is any way to hold the amplifiers legally responsible for smurfs that use their networks after being given repeated notice?
I certainly know people who have had it traced back (when a bcast being used is on a major backbone, or after 2-3 days of being attacked), but I have not actually heard of anyone being "caught". In all cases the smurfer was on a university network, several times in euro, a few in the US, and no attempts were made to find the kid involved. Besides we all know the only thing they would find is someone's wingate. As for holding amplifiers responsible, everyone talks about it, nobody does it, and if they are liable for being a broadcast you're not gonna get much of a judgement, since you can't prove malicious intent.
On Tue, 14 Jul 1998, Richard Thomas wrote:
threat. But after having tried to track down smurfers, I'm wondering if anyone has ever actually done it. I would think you would have to either
I've never heard of a smurfer being caught by anybody trying to help the entity being smurfed (yet). I have, however, stumbled over a compromised Linux box that was used to initiate what I believe might be a significant amount of smurf attacks over the last couple of weeks. Here are some extracts from the .history of the user in question (who had root access and could send forged packets). Perhaps someone here knows any of the possible victims being listed below? I do have the name and address of at least one of the hackers who abused this box. (the guy was supposedly fired by his now ex-employer after we presented evidence of him being involved in this, and we have good contact info on him).

Oystein Homelien | oystein@powertech.no
PowerTech Information Systems AS | http://www.powertech.no/
Nedre Slottsgate 5, N-0157 OSLO | tel: +47-23-010-010, fax: +47-2220-0333