I originally wasn't going to make the whole thing avaiable, but there was a posting a few ago on nanog listing a number of blocks, so I feel obliged to post a link to my results. I plan on putting a nice backend behind this and making it a queryable database that checks itself frequently, but I've not had the time. This list is the result of about a weeks worth of work probing a total of 48394 netblocks. Of those netblocks, 6425 were found to respond with more than one packet sent to the network address. broadcast address of 255 was not checked, nor anything else than the list here. This means 13.28% of netblocks out there are "broken". The page can be found at http://puck.nether.net/~jared/smurfblocks.html If you own any of these networks, please fix them. I'll be doing some work to get HOME-AS for these blocks into some format such that you all can do fancy web-based queries or somesuch with them. That stuff will show up at http://puck.nether.net/smurf-check/ once I get some more time. Please also visit the following pages: http://www.powertech.no/smurf/ - SAR http://www.quadrunner.com/~chuegen/smurf.txt http://www.mcs.net/smurf/ -- if you can't see this page, you're on their blacklist. a mirrored page is http://puck.nether.net/smurf/ <- here for your use. I'm not blackholing anything myself. Questions? Please direct them to me. Flames can direct your responses to nobody@nether.net Thanks. - jared
On Sat, 13 Jun 1998, Jared Mauch wrote:
I originally wasn't going to make the whole thing avaiable, but there was a posting a few ago on nanog listing a number of blocks, so I feel obliged to post a link to my results. I plan on putting a nice backend behind this and making it a queryable database that checks itself frequently, but I've not had the time.
This list is the result of about a weeks worth of work probing a total of 48394 netblocks. Of those netblocks, 6425 were found to respond with more than one packet sent to the network address. broadcast address of 255 was not checked, nor anything else than the list here. This means 13.28% of netblocks out there are "broken".
If you added a scan to check the class B nets as /24 nets I am pretty sure you would get a huge increase in broken nets. ----- Mikael Abrahamsson email: swmike@swm.pp.se
On Sat, Jun 13, 1998 at 09:52:22AM +0200, Mikael Abrahamsson wrote:
On Sat, 13 Jun 1998, Jared Mauch wrote: If you added a scan to check the class B nets as /24 nets I am pretty sure you would get a huge increase in broken nets.
I'm sure that would be the case also. I could start to scan a lot of netblocks a lot closer, but did not due to the length of time it took to run these blocks. It took me 6 days to perform this inital report, which points a quite a number of "broken" netblocks. Interesting enough, of all these blocks, I only got one e-mail from someone saying "kindly stop pinging our network address" one day after I did so. I hope to be able to do some future sweeps of netblocks. I assure you that anything which happens on this will be posted when there are new things happening. - Jared
Thus spake Jared Mauch
This list is the result of about a weeks worth of work probing a total of 48394 netblocks. Of those netblocks, 6425 were found to respond with more than one packet sent to the network address. broadcast address of 255 was not checked, nor anything else than the list here. This means 13.28% of netblocks out there are "broken".
The page can be found at http://puck.nether.net/~jared/smurfblocks.html
Why not list the netmask of the netblock as well? -- D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 424 2871 (DoD#0082) (eNTP) | what's for dinner.
On Sat, Jun 13, 1998 at 07:10:41AM -0400, D'Arcy J.M. Cain wrote:
Thus spake Jared Mauch
The page can be found at http://puck.nether.net/~jared/smurfblocks.html
Why not list the netmask of the netblock as well?
In most cases you can figure out the netmasks. These blocks were only checked at the very beginning of their space based on the bgp announcement as viewed by our network. You can look at our AS1225 feed at route-views.oregon-ix.net As long as I can get the appropriate backends in place, there will be a lot more information that i'll be making avaiable on these blocks. - jared
On Sat, 13 Jun 1998, Jared Mauch wrote:
On Sat, Jun 13, 1998 at 07:10:41AM -0400, D'Arcy J.M. Cain wrote:
Thus spake Jared Mauch
The page can be found at http://puck.nether.net/~jared/smurfblocks.html
Why not list the netmask of the netblock as well?
In most cases you can figure out the netmasks. These blocks were only checked at the very beginning of their space based on the bgp announcement as viewed by our network. You can look at our AS1225 feed at route-views.oregon-ix.net
Checking only the beginning of nets for which you receive BGP announcements fails to take into account the vast numbers of single-homed networks which are part of large supernets. i.e. One of FDT's old UUNet IP blocks was a /20 in 205.228.0.0/14. There are only a few dozen announcements for: sh ip ro 205.228.0.0 255.252.0.0 longer ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or Network Administrator | drawn and quartered...whichever Florida Digital Turnpike | is more convenient. ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
My list is by no means a complete list of smurf blocks, but more a list to give you the possible netblocks that are not fixed. It is likeley that if someone has a /19 /16 /14, etc.. that they use to assign customers out of, if the beginning of the block is smurfable, it's quite possible the rest of it is too. Someone who would like to scan the entire internet is naturally more than welcome to attempt it, scanning each possible netmask for the entire net. The problem with that is the time it will take. My list is a subset of all smurf amplifiers. I doubt they'll ever all go away, but I've seen a number of networks get filtered/fixed since the posting of it, so it's making some progress in helping. - Jared On Sat, Jun 13, 1998 at 05:27:06PM -0400, Jon Lewis wrote:
On Sat, 13 Jun 1998, Jared Mauch wrote:
On Sat, Jun 13, 1998 at 07:10:41AM -0400, D'Arcy J.M. Cain wrote:
Thus spake Jared Mauch
The page can be found at http://puck.nether.net/~jared/smurfblocks.html
Why not list the netmask of the netblock as well?
In most cases you can figure out the netmasks. These blocks were only checked at the very beginning of their space based on the bgp announcement as viewed by our network. You can look at our AS1225 feed at route-views.oregon-ix.net
Checking only the beginning of nets for which you receive BGP announcements fails to take into account the vast numbers of single-homed networks which are part of large supernets. i.e. One of FDT's old UUNet IP blocks was a /20 in 205.228.0.0/14. There are only a few dozen announcements for: sh ip ro 205.228.0.0 255.252.0.0 longer
On Sat, 13 Jun 1998, Jared Mauch wrote:
My list is by no means a complete list of smurf blocks, but more a list to give you the possible netblocks that are not fixed. It is likeley that if someone has a /19 /16 /14, etc.. that they use to assign customers out of, if the beginning of the block is smurfable, it's quite possible the rest of it is too.
OTOH, the first customer in that block might have clue, and many others might not. I'll bet we could get much more thorough coverage if you took a BGP routing table, expanded all supernets into collections of /24's, and then distributed chunks of the resulting list...sort of like the rc5 encryption breaking project. If half the subscribers of nanog would each be willing to check one chunk, the whole list could probably be processed in no time. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or Network Administrator | drawn and quartered...whichever Florida Digital Turnpike | is more convenient. ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
On Sat, Jun 13, 1998 at 05:39:43PM -0400, Jared Mauch wrote:
Someone who would like to scan the entire internet is naturally more than welcome to attempt it, scanning each possible netmask for the entire net. The problem with that is the time it will take. My list
distributed.net. Cheers, -- jr 'if everyone has a gun, no one will hijack the plane' a -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
On Sun, Jun 14, 1998 at 04:12:03PM -0400, Jay R. Ashworth wrote:
Cheers, -- jr 'if everyone has a gun, no one will hijack the plane' a
Someone will try and people will die. If no one has a gun, no one can hijack a plane. sorry couldn't resist, Erich
On Mon, 15 Jun 1998, Erich A. Boehm wrote:
On Sun, Jun 14, 1998 at 04:12:03PM -0400, Jay R. Ashworth wrote:
Cheers, -- jr 'if everyone has a gun, no one will hijack the plane' a
Someone will try and people will die. If no one has a gun, no one can hijack a plane.
I know this has nothing to do with NANOG but... Why on earth not? You could hijack the plane with other weapons if no one else had a gun. I agree with Jay, if everybody had a gun no one would hijack the plane. Anyway, this has nothing to do with NANOG and I have been up for way to long.
<> Nathan Stratton Telecom & ISP Consulting www.robotics.net nathan@robotics.net
sorry couldn't resist, Erich
At 11:09 PM -0400 6/15/98, Nathan Stratton wrote:
On Mon, 15 Jun 1998, Erich A. Boehm wrote:
On Sun, Jun 14, 1998 at 04:12:03PM -0400, Jay R. Ashworth wrote:
Cheers, -- jr 'if everyone has a gun, no one will hijack the plane' a
Someone will try and people will die. If no one has a gun, no one can hijack a plane.
I know this has nothing to do with NANOG but...
Why on earth not? You could hijack the plane with other weapons if no one else had a gun. I agree with Jay, if everybody had a gun no one would hijack the plane. Anyway, this has nothing to do with NANOG and I have been up for way to long.
Actually, not to alarm anyone, but onboard every commerical airliner, in the passenger compartment (possibly several places), is enough "equipment" to seriously damage if not cripple or destroy an airplane: There is a fire extinguisher and a flare gun. Thats more than enough to break down the crew compartment door and kill or severely injure the pilots and/or set it on fire, or cause a dangerous decompression. Oddly, this is required by the FAA. Another example which all of us on this list should know: Setting blocks of PVC on fire will kill everyone with cyanide gas. (you don't have any PVC covered cable in your plenums, do you? There is a good reason its not allowed: If the cable burns, the Airconditioning will blow the cyanide gas down on people). Guns aren't the only weapons. They're merely the most convenient, at present. Another thing to remember is that we only began to ban guns after the Black Panthers (specifically their armed guards with shotguns) burst in on the California legislature in the '60's causing a mild panic amoung the white legislators who initially assumed the armed black people were going to open fire. So in a sense, gun control is a racist activity. Another personal anecdote of gun control racism is that a roommate, who was a national record holder on the MIT pistol team, who nearly made it on US Olympic Pistol Team, a graduate of MIT with a DOD security clearance, was denied a pistol permit for a single shot, competition .22cal pistol in MA. That pretty much ended his post-college shooting practice. While no reason was given, he was Puerto Rican with apparently black features. Evidence of racism? You decide. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
participants (8)
-
darcy@druid.net -
Dean Anderson -
Erich A. Boehm -
Jared Mauch -
Jay R. Ashworth -
Jon Lewis -
Mikael Abrahamsson -
Nathan Stratton