SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
All, Here is my contribution to the block list. The script that generated this will follow. It is 'public domain', in that it can be modified, BUT, please give credit where credit is due! !!!!!NOTE: This script assumes that the offending bounce sites are /24 blocks. It isn't that smart yet, but if someone can figure out a way to glean more info, modify the script and repost. #!/bin/ksh # ------------------------------------------------------------------------ -- # @(#) File: catch.sh by Kevin A. Ho and Christian Martin Release 1.0 # # Description: This script reads a NetFlow log produced on Cisco routers # that employ NetFlow switching. The script parses the log # and generates the network address of the amplifying network. # Then, the script runs the netblock (assumes a /24 mask) # against your favorite route-server (could use a gated box # as well) and pulls the originating AS from the BGP table. # Then, it runs the AS pulled from the route server against # the "whois" query program to obtain the AS info and # other related info on the network address. # ------------------------------------------------------------------------ -- LOGFILE=$1 WHOIS=/usr/bin/whois WHOIS_SRVR=whois.ra.net ROUTE_SRVR=route-server.cerf.net TARGET=$2 case $# in 1) IPlist[0]=$1 ;; *) print "Building network address list ..." set -A IPlist `awk '{if(($5 == "01")&&($4 == TG)) print $2}' TG=$TARGET ${LOGFILE} | awk -F"." '{ printf("%s.%s.%s.0\n", $1, $2, $3)}' | sort -u` ;; esac for IPaddr in ${IPlist[*]} do print ${IPaddr} done __________________________________________ HERE IS THE LIST 10.10.100.0 10.128.14.0 10.158.36.0 10.3.0.0 10.3.1.0 10.4.0.0 100.100.1.0 12.0.40.0 12.1.9.0 12.10.2.0 12.10.6.0 12.10.7.0 12.11.0.0 12.127.114.0 12.127.192.0 12.127.240.0 12.13.1.0 12.3.0.0 12.4.5.0 12.63.7.0 12.7.2.0 125.83.77.0 127.0.0.0 128.1.21.0 128.135.111.0 128.135.113.0 128.135.115.0 128.135.117.0 128.135.168.0 128.135.2.0 128.135.253.0 128.135.4.0 128.135.47.0 128.135.61.0 128.135.70.0 128.135.76.0 128.135.91.0 128.135.99.0 128.203.208.0 128.252.152.0 128.252.221.0 128.252.223.0 128.252.233.0 128.252.234.0 128.252.7.0 128.252.84.0 128.39.0.0 128.39.16.0 128.39.3.0 128.97.172.0 128.97.173.0 128.97.21.0 129.210.11.0 129.210.208.0 129.210.209.0 129.210.210.0 129.210.211.0 129.210.40.0 129.210.42.0 129.210.43.0 129.210.8.0 129.210.84.0 129.210.87.0 129.241.181.0 129.241.200.0 130.15.1.0 130.15.8.0 130.194.225.0 130.194.25.0 130.194.31.0 130.195.2.0 130.198.253.0 130.236.252.0 130.236.254.0 130.237.1.0 130.237.245.0 130.237.247.0 130.237.28.0 130.237.32.0 130.237.72.0 130.237.9.0 130.239.136.0 130.239.5.0 130.242.100.0 130.244.10.0 130.244.12.0 130.244.136.0 130.244.16.0 130.244.2.0 130.244.24.0 130.244.25.0 130.244.3.0 130.251.21.0 130.251.86.0 130.79.200.0 130.79.23.0 130.79.32.0 130.79.36.0 131.1.183.0 131.1.184.0 131.1.185.0 131.1.186.0 131.1.187.0 131.1.188.0 131.1.189.0 131.115.126.0 131.115.184.0 131.115.185.0 131.115.189.0 131.115.47.0 131.115.48.0 131.115.49.0 131.119.16.0 131.154.1.0 131.175.223.0 131.175.238.0 131.175.242.0 131.175.57.0 131.178.1.0 131.178.38.0 131.178.60.0 134.124.99.0 134.153.2.0 134.153.240.0 134.153.80.0 134.184.1.0 134.184.129.0 134.184.15.0 134.184.250.0 134.184.30.0 134.184.31.0 134.184.32.0 134.184.66.0 134.222.12.0 134.222.2.0 134.222.200.0 134.222.28.0 134.222.30.0 134.58.24.0 134.58.25.0 134.58.255.0 134.58.40.0 134.58.41.0 134.58.43.0 134.58.45.0 134.58.61.0 134.59.1.0 134.87.109.0 134.87.18.0 134.87.96.0 134.87.98.0 134.92.229.0 137.121.1.0 137.121.254.0 137.204.64.0 137.39.139.0 137.39.178.0 138.195.33.0 138.200.111.0 138.200.65.0 138.200.66.0 138.200.68.0 138.200.70.0 138.200.77.0 138.73.1.0 139.130.1.0 139.130.10.0 139.130.120.0 139.130.128.0 139.130.159.0 139.130.2.0 139.130.3.0 139.130.43.0 139.130.48.0 139.130.6.0 139.130.64.0 139.130.65.0 139.130.76.0 139.130.79.0 139.165.30.0 139.165.32.0 139.165.40.0 139.223.200.0 139.3.63.0 139.4.26.0 139.57.16.0 139.58.230.0 140.127.240.0 140.78.1.0 140.78.127.0 140.78.222.0 140.78.223.0 140.78.93.0 140.96.70.0 141.108.220.0 141.108.253.0 141.66.176.0 142.103.3.0 142.132.1.0 142.165.5.0 142.22.218.0 142.232.83.0 142.232.84.0 142.51.1.0 142.58.12.0 142.58.145.0 142.74.1.0 143.169.5.0 143.225.190.0 143.233.122.0 143.233.123.0 143.43.128.0 143.43.130.0 143.43.131.0 143.43.133.0 143.43.3.0 144.228.131.0 144.85.1.0 144.85.10.0 144.85.200.0 144.85.207.0 144.85.3.0 145.228.110.0 145.228.114.0 145.228.200.0 145.228.222.0 145.228.95.0 146.83.1.0 147.102.12.0 147.102.13.0 147.102.222.0 147.151.103.0 147.151.171.0 147.162.1.0 147.162.199.0 147.162.8.0 147.162.99.0 147.211.45.0 147.211.55.0 147.250.1.0 147.83.124.0 147.83.32.0 147.83.4.0 147.83.41.0 147.91.1.0 147.91.8.0 147.96.1.0 147.96.10.0 147.96.100.0 147.96.19.0 147.96.20.0 147.96.21.0 147.96.22.0 147.96.23.0 147.96.24.0 147.96.25.0 147.96.3.0 147.96.33.0 147.96.37.0 147.96.4.0 147.96.42.0 147.96.5.0 147.96.6.0 147.96.90.0 148.202.1.0 148.202.2.0 148.202.3.0 148.202.34.0 148.202.4.0 148.202.5.0 148.202.8.0 148.202.93.0 148.206.128.0 148.206.32.0 148.207.1.0 148.207.10.0 148.207.100.0 148.207.104.0 148.207.2.0 148.207.20.0 148.207.25.0 148.207.38.0 148.207.40.0 148.214.12.0 148.214.13.0 148.225.14.0 149.142.172.0 149.142.47.0 150.146.201.0 150.146.5.0 150.162.1.0 150.162.237.0 150.162.248.0 150.162.254.0 150.163.130.0 150.210.23.0 150.210.24.0 150.210.25.0 150.210.26.0 150.210.3.0 150.210.33.0 150.214.110.0 150.214.112.0 150.214.115.0 150.214.163.0 150.214.169.0 150.214.218.0 150.214.231.0 150.214.32.0 150.214.35.0 150.214.69.0 151.99.0.0 151.99.107.0 151.99.155.0 151.99.48.0 152.74.49.0 152.74.52.0 152.84.100.0 152.84.254.0 154.11.136.0 154.11.8.0 155.105.102.0 155.105.2.0 155.105.255.0 155.105.3.0 155.207.100.0 155.207.112.0 155.207.18.0 155.207.19.0 155.207.199.0 155.207.26.0 155.207.30.0 156.14.1.0 156.14.20.0 156.14.254.0 156.14.30.0 157.130.0.0 157.130.225.0 157.130.33.0 157.130.5.0 157.138.1.0 157.138.115.0 157.161.254.0 157.169.10.0 157.27.32.0 157.27.6.0 157.88.142.0 157.88.143.0 157.88.31.0 157.92.1.0 158.122.64.0 158.122.65.0 158.122.90.0 158.227.6.0 158.251.1.0 158.251.12.0 158.251.16.0 158.251.17.0 158.251.18.0 158.251.19.0 158.251.20.0 158.251.250.0 158.251.3.0 158.251.4.0 158.37.1.0 158.47.18.0 158.47.4.0 158.49.129.0 158.49.133.0 158.49.134.0 158.49.137.0 158.49.247.0 159.84.12.0 160.97.1.0 160.97.225.0 160.97.4.0 160.97.5.0 160.97.52.0 161.142.0.0 161.142.100.0 161.142.2.0 161.142.227.0 161.142.24.0 161.142.8.0 163.117.131.0 163.13.1.0 163.13.140.0 163.13.141.0 163.15.250.0 163.15.252.0 163.179.230.0 163.9.4.0 164.128.116.0 164.128.119.0 164.128.122.0 164.128.123.0 164.128.57.0 164.128.81.0 164.15.44.0 164.15.89.0 164.41.2.0 165.154.1.0 165.154.105.0 165.154.140.0 166.48.38.0 168.8.16.0 169.226.116.0 169.226.2.0 169.226.23.0 169.226.28.0 169.226.38.0 169.226.4.0 170.210.0.0 172.16.0.0 172.16.1.0 172.16.2.0 172.16.4.0 172.17.50.0 172.21.10.0 172.31.7.0 18.26.0.0 192.0.1.0 192.100.161.0 192.100.180.0 192.100.181.0 192.106.1.0 192.106.7.0 192.107.131.0 192.107.51.0 192.107.52.0 192.107.53.0 192.108.114.0 192.109.80.0 192.109.81.0 192.12.77.0 192.121.120.0 192.121.83.0 192.129.50.0 192.132.41.0 192.134.106.0 192.134.130.0 192.134.192.0 192.135.34.0 192.135.68.0 192.139.190.0 192.139.196.0 192.139.197.0 192.139.230.0 192.139.245.0 192.147.246.0 192.148.167.0 192.150.75.0 192.159.121.0 192.16.137.0 192.165.120.0 192.165.146.0 192.165.243.0 192.167.13.0 192.167.192.0 192.167.198.0 192.168.0.0 192.168.1.0 192.168.10.0 192.168.11.0 192.168.122.0 192.168.162.0 192.168.168.0 192.168.177.0 192.168.191.0 192.168.199.0 192.168.2.0 192.168.203.0 192.168.21.0 192.168.250.0 192.168.5.0 192.168.6.0 192.168.66.0 192.176.122.0 192.190.209.0 192.197.60.0 192.2.200.0 192.228.128.0 192.33.182.0 192.36.60.0 192.36.97.0 192.4.0.0 192.41.218.0 192.44.77.0 192.5.82.0 192.54.144.0 192.54.174.0 192.54.188.0 192.54.242.0 192.6.5.0 192.65.91.0 192.67.248.0 192.68.63.0 192.70.23.0 192.70.34.0 192.70.57.0 192.70.82.0 192.70.87.0 192.70.98.0 192.71.157.0 192.71.57.0 192.72.111.0 192.72.151.0 192.72.24.0 192.72.33.0 192.75.204.0 192.75.205.0 192.75.62.0 192.82.124.0 192.83.196.0 192.84.152.0 192.89.123.0 192.93.29.0 192.93.74.0 192.93.8.0 192.93.80.0 192.93.82.0 192.95.223.0 193.10.48.0 193.10.49.0 193.10.50.0 193.10.62.0 193.103.148.0 193.103.168.0 193.104.101.0 193.105.56.0 193.114.246.0 193.118.192.0 193.118.200.0 193.12.151.0 193.12.69.0 193.12.71.0 193.122.87.0 193.127.1.0 193.13.131.0 193.13.144.0 193.14.104.0 193.14.11.0 193.14.29.0 193.14.68.0 193.141.156.0 193.141.171.0 193.141.232.0 193.141.241.0 193.141.75.0 193.141.76.0 193.141.77.0 193.141.78.0 193.144.75.0 193.145.132.0 193.145.133.0 193.145.222.0 193.145.248.0 193.145.254.0 193.145.40.0 193.145.41.0 193.145.54.0 193.145.59.0 193.145.60.0 193.145.61.0 193.146.95.0 193.15.20.0 193.15.241.0 193.15.55.0 193.15.86.0 193.156.89.0 193.156.92.0 193.158.124.0 193.164.160.0 193.164.161.0 193.164.172.0 193.170.33.0 193.170.35.0 193.171.114.0 193.171.20.0 193.171.22.0 193.180.104.0 193.182.172.0 193.189.224.0 193.189.241.0 193.189.249.0 193.190.10.0 193.190.144.0 193.190.170.0 193.190.171.0 193.190.192.0 193.190.194.0 193.190.196.0 193.190.197.0 193.190.2.0 193.190.231.0 193.190.249.0 193.192.192.0 193.192.193.0 193.192.199.0 193.192.200.0 193.192.206.0 193.192.225.0 193.192.23.0 193.204.120.0 193.204.16.0 193.204.191.0 193.204.208.0 193.204.210.0 193.204.30.0 193.204.64.0 193.205.160.0 193.205.165.0 193.205.189.0 193.205.190.0 193.216.236.0 193.216.250.0 193.252.19.0 193.252.235.0 193.252.252.0 193.36.32.0 193.36.37.0 193.38.83.0 193.38.84.0 193.43.43.0 193.43.44.0 193.44.236.0 193.44.5.0 193.44.90.0 193.45.158.0 193.45.251.0 193.45.79.0 193.48.145.0 193.48.168.0 193.48.198.0 193.48.200.0 193.48.226.0 193.48.24.0 193.48.241.0 193.48.39.0 193.48.40.0 193.48.45.0 193.48.75.0 193.49.105.0 193.49.112.0 193.49.164.0 193.49.205.0 193.49.29.0 193.49.67.0 193.5.152.0 193.5.153.0 193.5.154.0 193.5.54.0 193.5.56.0 193.50.217.0 193.50.225.0 193.50.235.0 193.51.104.0 193.51.105.0 193.51.136.0 193.51.198.0 193.51.80.0 193.51.86.0 193.52.10.0 193.52.211.0 193.52.223.0 193.52.72.0 193.52.80.0 193.52.81.0 193.54.185.0 193.54.208.0 193.54.232.0 193.54.238.0 193.54.42.0 193.54.98.0 193.55.218.0 193.55.220.0 193.55.96.0 193.56.4.0 193.71.3.0 193.74.243.0 193.80.12.0 193.80.60.0 193.90.64.0 193.92.3.0 193.98.1.0 193.98.110.0 193.98.230.0 193.98.9.0 193.98.90.0 194.103.200.0 194.103.205.0 194.106.165.0 194.106.254.0 194.109.7.0 194.109.9.0 194.115.115.0 194.115.128.0 194.117.203.0 194.117.204.0 194.118.1.0 194.118.23.0 194.118.26.0 194.119.216.0 194.119.225.0 194.119.228.0 194.120.12.0 194.120.124.0 194.120.40.0 194.122.108.0 194.122.231.0 194.122.236.0 194.122.240.0 194.123.81.0 194.133.98.0 194.134.5.0 194.137.236.0 194.137.237.0 194.139.104.0 194.148.1.0 194.158.141.0 194.158.154.0 194.158.155.0 194.158.96.0 194.158.97.0 194.16.110.0 194.16.184.0 194.16.186.0 194.16.190.0 194.16.2.0 194.16.207.0 194.16.50.0 194.162.192.0 194.162.200.0 194.162.25.0 194.162.252.0 194.162.253.0 194.162.254.0 194.162.27.0 194.162.29.0 194.162.66.0 194.162.73.0 194.163.184.0 194.164.0.0 194.164.70.0 194.167.133.0 194.167.136.0 194.167.138.0 194.167.139.0 194.167.147.0 194.167.148.0 194.167.195.0 194.168.23.0 194.168.7.0 194.17.121.0 194.17.162.0 194.17.163.0 194.17.177.0 194.172.112.0 194.174.238.0 194.174.252.0 194.175.112.0 194.175.173.0 194.177.121.0 194.177.122.0 194.177.124.0 194.177.125.0 194.177.127.0 194.177.208.0 194.179.10.0 194.179.100.0 194.179.107.0 194.179.13.0 194.179.21.0 194.179.29.0 194.179.46.0 194.179.47.0 194.18.124.0 194.18.161.0 194.18.197.0 194.18.34.0 194.18.35.0 194.18.47.0 194.18.60.0 194.184.1.0 194.184.148.0 194.184.179.0 194.184.204.0 194.185.134.0 194.185.148.0 194.198.105.0 194.198.203.0 194.199.140.0 194.199.58.0 194.2.12.0 194.2.16.0 194.2.17.0 194.2.236.0 194.20.12.0 194.20.40.0 194.20.41.0 194.20.45.0 194.20.6.0 194.206.126.0 194.206.137.0 194.206.228.0 194.206.91.0 194.21.56.0 194.218.187.0 194.219.163.0 194.22.0.0 194.22.107.0 194.224.52.0 194.224.53.0 194.23.141.0 194.23.86.0 194.23.92.0 194.231.76.0 194.235.58.0 194.235.8.0 194.236.202.0 194.236.211.0 194.236.232.0 194.236.60.0 194.236.87.0 194.237.63.0 194.242.165.0 194.242.166.0 194.244.56.0 194.25.10.0 194.25.133.0 194.250.1.0 194.250.152.0 194.250.2.0 194.250.252.0 194.250.5.0 194.250.50.0 194.251.240.0 194.251.241.0 194.251.242.0 194.251.244.0 194.251.254.0 194.251.255.0 194.254.65.0 194.254.66.0 194.254.67.0 194.255.253.0 194.3.128.0 194.30.193.0 194.30.220.0 194.38.93.0 194.45.104.0 194.45.109.0 194.47.134.0 194.5.224.0 194.51.102.0 194.51.123.0 194.51.146.0 194.51.151.0 194.51.16.0 194.51.197.0 194.51.203.0 194.51.222.0 194.51.223.0 194.51.246.0 194.52.0.0 194.52.175.0 194.52.18.0 194.52.2.0 194.52.205.0 194.52.223.0 194.52.240.0 194.52.242.0 194.52.4.0 194.52.86.0 194.57.177.0 194.57.232.0 194.6.128.0 194.62.44.0 194.64.106.0 194.64.113.0 194.68.196.0 194.68.97.0 194.7.74.0 194.7.86.0 194.72.131.0 194.72.186.0 194.73.141.0 194.73.58.0 194.74.136.0 194.74.52.0 194.75.6.0 194.75.72.0 194.75.84.0 194.77.113.0 194.77.54.0 194.77.74.0 194.77.9.0 194.79.160.0 194.79.171.0 194.79.181.0 194.79.190.0 194.8.194.0 194.8.212.0 194.8.218.0 194.88.75.0 194.88.77.0 194.88.82.0 194.97.110.0 194.98.176.0 195.0.45.0 195.1.0.0 195.10.0.0 195.10.20.0 195.10.39.0 195.100.119.0 195.100.194.0 195.101.240.0 195.101.241.0 195.101.37.0 195.101.38.0 195.115.1.0 195.119.105.0 195.12.192.0 195.12.193.0 195.13.0.0 195.13.1.0 195.13.10.0 195.13.14.0 195.13.17.0 195.13.2.0 195.13.23.0 195.13.30.0 195.13.9.0 195.134.160.0 195.134.161.0 195.134.162.0 195.134.163.0 195.138.35.0 195.14.237.0 195.141.19.0 195.146.192.0 195.146.194.0 195.15.6.0 195.152.138.0 195.152.149.0 195.165.12.0 195.167.133.0 195.17.0.0 195.17.1.0 195.17.252.0 195.17.80.0 195.178.61.0 195.179.50.0 195.18.195.0 195.18.241.0 195.180.0.0 195.180.245.0 195.180.3.0 195.185.191.0 195.185.30.0 195.188.206.0 195.198.147.0 195.198.15.0 195.198.151.0 195.198.152.0 195.198.159.0 195.198.162.0 195.198.163.0 195.206.65.0 195.216.16.0 195.216.24.0 195.22.104.0 195.22.105.0 195.22.96.0 195.22.98.0 195.220.240.0 195.220.241.0 195.220.242.0 195.220.243.0 195.220.244.0 195.220.245.0 195.220.248.0 195.221.35.0 195.222.195.0 195.222.215.0 195.223.41.0 195.224.1.0 195.224.29.0 195.238.142.0 195.238.160.0 195.238.162.0 195.246.128.0 195.25.133.0 195.25.165.0 195.250.255.0 195.31.190.0 195.32.0.0 195.35.17.0 195.4.192.0 195.42.192.0 195.42.197.0 195.45.0.0 195.50.72.0 195.52.33.0 195.53.9.0 195.6.46.0 195.62.224.0 195.62.227.0 195.63.140.0 195.63.48.0 195.63.52.0 195.63.71.0 195.66.161.0 195.66.166.0 195.67.10.0 195.67.19.0 195.67.235.0 195.67.42.0 195.67.69.0 195.7.69.0 195.70.105.0 195.70.96.0 195.71.235.0 195.74.193.0 195.78.136.0 195.78.145.0 195.78.64.0 195.83.11.0 195.83.231.0 195.83.232.0 195.83.239.0 195.83.75.0 195.83.76.0 195.83.9.0 195.84.194.0 195.84.224.0 195.84.80.0 195.89.136.0 195.89.149.0 195.89.151.0 195.89.160.0 195.89.163.0 195.90.0.0 195.99.122.0 195.99.124.0 198.103.20.0 198.103.6.0 198.103.97.0 198.161.111.0 198.161.24.0 198.161.28.0 198.161.29.0 198.161.93.0 198.161.96.0 198.162.3.0 198.163.221.0 198.163.232.0 198.166.16.0 198.166.17.0 198.166.18.0 198.168.28.0 199.0.23.0 199.1.90.0 199.166.213.0 199.186.25.0 199.212.15.0 199.212.4.0 199.212.45.0 199.212.85.0 199.243.210.0 199.45.130.0 199.45.183.0 199.71.64.0 199.84.155.0 199.84.162.0 199.95.207.0 200.0.135.0 200.0.70.0 200.12.165.0 200.13.80.0 200.13.81.0 200.135.15.0 200.17.206.0 200.17.209.0 200.17.234.0 200.201.0.0 200.201.1.0 200.215.160.0 200.215.167.0 200.218.1.0 200.223.64.0 200.223.74.0 200.223.76.0 200.23.224.0 200.23.240.0 200.23.39.0 200.231.103.0 200.231.188.0 200.251.254.0 200.255.253.0 200.28.35.0 200.32.73.0 200.32.79.0 200.33.12.0 200.33.186.0 200.33.210.0 200.33.211.0 200.33.212.0 200.33.214.0 200.33.240.0 200.34.128.0 200.34.254.0 200.4.12.0 202.10.1.0 202.10.2.0 202.132.147.0 202.132.20.0 202.132.226.0 202.132.227.0 202.132.230.0 202.132.232.0 202.132.254.0 202.138.0.0 202.139.0.0 202.139.7.0 202.145.130.0 202.145.228.0 202.145.234.0 202.145.255.0 202.232.1.0 202.232.2.0 202.27.210.0 202.36.227.0 202.37.101.0 202.37.129.0 202.37.245.0 202.39.128.0 202.39.157.0 202.39.216.0 202.39.235.0 202.39.254.0 202.39.74.0 202.49.252.0 202.49.88.0 202.61.255.0 203.0.156.0 203.0.159.0 203.1.75.0 203.10.72.0 203.101.254.0 203.102.128.0 203.111.120.0 203.111.41.0 203.12.144.0 203.12.160.0 203.12.171.0 203.12.176.0 203.13.174.0 203.13.35.0 203.14.177.0 203.16.60.0 203.16.61.0 203.17.166.0 203.17.36.0 203.17.49.0 203.17.96.0 203.18.192.0 203.19.214.0 203.2.239.0 203.20.43.0 203.21.205.0 203.21.6.0 203.23.170.0 203.24.95.0 203.25.127.0 203.29.157.0 203.29.170.0 203.30.0.0 203.30.255.0 203.30.77.0 203.31.164.0 203.31.216.0 203.36.123.0 203.37.13.0 203.37.163.0 203.37.32.0 203.37.33.0 203.4.212.0 203.5.101.0 203.5.102.0 203.5.74.0 203.55.112.0 203.56.35.0 203.56.8.0 203.57.156.0 203.57.24.0 203.57.93.0 203.60.16.0 203.66.109.0 203.66.150.0 203.66.155.0 203.67.34.0 203.67.6.0 203.69.140.0 203.7.132.0 203.7.224.0 203.79.224.0 203.8.105.0 203.9.148.0 203.96.119.0 203.97.1.0 203.97.100.0 203.97.176.0 203.97.98.0 203.97.99.0 203.98.4.0 204.101.130.0 204.101.46.0 204.112.54.0 204.112.6.0 204.144.246.0 204.149.178.0 204.174.235.0 204.174.35.0 204.174.90.0 204.187.89.0 204.189.108.0 204.189.136.0 204.19.14.0 204.19.15.0 204.19.79.0 204.209.46.0 204.239.129.0 204.239.156.0 204.239.157.0 204.244.155.0 204.244.32.0 204.253.4.0 204.50.124.0 204.59.1.0 204.59.81.0 204.59.82.0 204.6.117.0 204.70.35.0 204.70.40.0 204.71.97.0 204.91.143.0 204.92.90.0 205.150.206.0 205.150.89.0 205.151.222.0 205.151.224.0 205.189.200.0 205.192.3.0 205.205.33.0 205.207.122.0 205.207.160.0 205.207.203.0 205.236.148.0 205.236.172.0 205.236.182.0 205.237.65.0 205.252.128.0 206.12.129.0 206.12.130.0 206.12.131.0 206.121.215.0 206.156.239.0 206.181.51.0 206.186.225.0 206.186.227.0 206.186.248.0 206.186.54.0 206.210.64.0 206.215.191.0 206.217.169.0 206.248.62.0 206.248.70.0 206.29.100.0 206.29.101.0 206.34.102.0 206.34.141.0 206.48.24.0 206.49.58.0 206.49.59.0 206.72.196.0 206.85.92.0 207.102.126.0 207.102.141.0 207.102.142.0 207.102.143.0 207.102.94.0 207.107.244.0 207.112.240.0 207.164.237.0 207.164.63.0 207.174.14.0 207.175.36.0 207.175.50.0 207.181.101.0 207.181.89.0 207.194.101.0 207.194.102.0 207.194.107.0 207.213.36.0 207.213.41.0 207.213.42.0 207.213.44.0 207.214.49.0 207.217.126.0 207.217.50.0 207.23.240.0 207.230.225.0 207.230.228.0 207.230.231.0 207.230.248.0 207.236.228.0 207.236.231.0 207.236.238.0 207.239.227.0 207.249.144.0 207.249.165.0 207.249.181.0 207.253.115.0 207.253.215.0 207.253.253.0 207.253.36.0 207.45.206.0 207.54.188.0 207.61.147.0 207.68.2.0 207.68.8.0 207.93.1.0 207.96.136.0 207.96.159.0 207.96.187.0 207.96.222.0 207.98.190.0 208.134.170.0 208.134.171.0 208.134.172.0 208.140.169.0 208.141.98.0 208.158.112.0 208.158.121.0 208.201.90.0 208.201.91.0 208.211.32.0 208.211.33.0 208.211.34.0 208.211.35.0 208.211.36.0 208.211.37.0 208.211.39.0 208.213.229.0 208.230.128.0 208.230.129.0 208.230.130.0 208.230.131.0 208.230.132.0 208.230.134.0 208.230.135.0 208.237.8.0 208.237.9.0 209.100.136.0 209.131.128.0 209.131.129.0 209.150.128.0 209.196.128.0 209.196.150.0 209.196.153.0 209.212.38.0 209.44.32.0 209.48.31.0 209.52.234.0 209.54.112.0 209.54.114.0 209.54.189.0 209.54.190.0 209.76.102.0 209.91.128.0 210.208.232.0 210.209.7.0 210.64.123.0 210.64.98.0 210.65.13.0 210.65.231.0 210.67.33.0 210.67.40.0 210.68.182.0 210.68.85.0 212.29.0.0 62.156.145.0 62.20.26.0 62.20.27.0 62.52.64.0 62.52.65.0 62.52.66.0 97.3.0.0 97.5.2.0
I'm sorry for the intrusion, I'm not a "North American Network Operator", but what I'm going to say could (I hope) be relevant to all the Internet community.
.... 194.184.1.0 194.184.148.0 194.184.179.0 194.184.204.0 .... 195.223.41.0
You'll probably have few luck trying to make even one of routers on these netowks fixed. It's because these netblocks are allocated to Interbusiness, an italian NSP who mainly sells connectivity to other ISPs and companies. They refuse to give access to the routers installed on the customer's side, so, EVERY network (mostly /24s) in their allocations could be a smurf amplifier if enought hosts are connected. Their allocations are: 194.184/16 195.223/16 195.31/16 195.103/16 195.120/16 212.210/16 One could argue that having access to all the routers on the customer's side could enable them to put a "no ip directed-broadcast" on all their routers (all ciscos) in a minute, but unfortunatelly interbusiness is well know to have all role accounts @interbusiness.it redirected to /dev/null. I'll try to do my best to contact them and make their routers fixed. Regards. -- Daniele ------------------------------------------------------------------------------- "By golly, I'm beginning to think Linux really *is* the best thing since sliced bread." (By Vance Petree, Virginia Power) ------------------------------------------------------------------------------- Daniele Orlandi - Utility Line Italia - http://www.orlandi.com Via Mezzera 29/A - 20030 - Seveso (MI) - Italy -------------------------------------------------------------------------------
Martin, Christian Wrote:
All,
Here is my contribution to the block list. The script that generated this will follow. It is 'public domain', in that it can be modified, BUT, please give credit where credit is due!
!!!!!NOTE: This script assumes that the offending bounce sites are /24 [...] 205.236.182.0
That is mine. Every router on there has had directed broadcasts disabled for a long time. Only that network is a /25, so the broadcast address we are talking about is 205.236.182.127. It turns out that not only does 205.236.182.255 unexpectedly function as an alternate broadcast address for this network, but it is unaffected by no ip directed-broadcast!!! This sounds like two bugs in one. (and I performed a hack to fix this network, but I shouldn't have had to do this) -Phil
It'd be nice if there were a more organized effort to collect these addresses, but for the time being, here's my list. I've actually got a bunch more, but these are hand-picked for having a large amplification factor and also for not appearing on the mcs.net page. 194.47.135 194.47.136 164.156.26 204.30.35 204.199.101 -- Tim Chase <tim@alpha.net> | Alpha dot Net, Corp. PGP public key: http://www.alpha.net/tim/pgpkey.html | Milwaukee, WI USA
Here's a small subset of a packet log received from a rather large attack Friday. The second field is the number of packets received from the /24s in the time the log spans. Some of the addresses are interesting; for example, the handful of 10.* blocks; however, I did receive icmp echo_reply traffic from them. 10.0.22 71 10.10.10 6 10.128.176 3 10.128.48 2 10.2.2 9 10.65.33 6 12.10.152 18 33.4.9 3 33.71.9 1 38.1.25 12 38.145.226 4 38.146.104 7 38.146.107 21 38.146.109 12 38.146.180 16 38.179.40 160 38.179.42 164 38.8.127 2 38.8.135 8 38.8.17 5 38.8.199 9 38.8.20 5 38.8.23 10 38.8.25 2 38.8.30 8 38.8.31 7 38.8.32 4 38.8.42 6 38.8.44 7 38.8.46 8 38.8.51 6 38.8.78 7 38.9.100 2 38.9.202 7 38.9.51 5 38.9.79 5 38.9.91 9 128.11.248 5 129.1.5 2 129.1.6 4 129.1.7 5 129.1.8 24 129.1.9 74 129.2.1 45 129.2.100 92 129.2.24 6 129.2.253 3 131.119.28 13 133.164.140 2 136.210.100 18 136.210.101 12 136.210.102 24 136.210.103 6 136.210.104 4 136.210.106 6 136.210.107 1 136.210.108 1 136.210.109 5 136.210.110 3 137.145.112 31 137.39.131 7 137.39.83 2 141.198.64 3 142.23.237 23 142.31.180 19 144.228.124 9 144.228.147 213 144.228.157 13 144.228.17 28 144.228.37 14 144.228.58 9 144.228.77 3 144.232.128 9 144.232.5 2 144.232.8 2 149.168.10 18 151.105.11 185 151.120.107 36 151.120.13 122 151.120.137 45 151.120.149 105 151.120.155 81 151.120.208 6 151.120.255 4 151.120.34 26 151.120.40 69 151.120.45 1 151.120.47 9 151.120.60 12 151.120.68 6 151.120.8 22 151.120.80 38 151.120.88 80 151.120.89 14 151.120.92 54 151.130.144 3 151.130.16 42 151.130.192 3 151.130.24 3 151.130.240 15 151.130.40 15 151.130.48 19 151.130.56 1 151.130.8 11 151.130.80 2 151.130.88 1 151.130.9 2 151.156.30 112 151.195.1 5 151.195.22 5 151.195.26 7 151.195.27 7 151.195.28 24 151.195.32 16 151.208.1 19 151.208.10 141 151.208.23 65 151.208.25 9 151.208.7 47 151.208.9 99 151.214.1 250 151.214.2 39 151.91.1 5 151.91.16 10 151.91.46 3 151.91.47 1 151.91.48 1 151.91.61 3 151.92.1 78 151.92.2 9 151.92.248 61 151.92.249 26 151.92.250 44 151.92.251 33 151.93.106 6 152.34.10 2 152.34.2 8 153.38.149 81 153.38.152 29 153.38.154 42 153.38.156 12 157.130.1 1 157.130.192 14 157.130.224 9 157.130.225 16 157.130.96 9 161.69.63 9 164.105.0 6 164.105.100 1 164.105.101 1 164.105.128 2 164.105.90 2 164.105.91 3 164.105.92 3 164.105.93 1 164.105.98 1 164.116.5 91 164.156.25 280 164.156.26 1361 164.38.0 2 164.38.104 2 164.38.16 38 164.38.17 11 164.38.18 8 164.38.19 27 164.38.32 8 164.77.11 127 165.117.50 1 165.28.1 9 166.48.176 4 166.48.220 7 166.48.241 2 166.48.36 9 166.48.64 3 167.7.15 5 169.130.14 1 170.1.96 5 172.16.21 5 172.16.99 30 172.18.0 31 172.18.10 22 172.18.100 99 172.18.250 20 172.18.251 12 172.18.255 11 172.18.3 6 172.18.4 3 172.18.5 4 172.19.0 5 172.19.10 6 172.19.100 33 172.19.250 6 172.19.251 6 172.19.255 5 172.19.3 22 172.19.4 64 172.19.5 14 172.19.6 35 172.20.10 65 172.20.20 349 172.25.1 10 172.25.2 10 172.25.6 19 172.25.7 16 172.30.1 10 192.107.46 288 192.108.1 8 192.136.16 1 192.149.109 110 192.153.145 7 192.157.69 1 192.158.1 268 192.158.2 258 192.168.255 14 192.168.6 13 192.187.128 40 192.197.173 8 192.197.174 173 192.216.77 2 192.216.78 6 192.55.86 245 192.68.64 20 192.77.171 6 192.86.78 228 193.164.160 124 193.227.29 2 193.227.31 28 193.227.54 9 193.227.55 19 194.143.164 21 194.165.209 11 195.200.12 52 195.89.1 22 195.89.255 6 198.247.230 16 198.32.130 5 198.32.136 118 198.53.214 45 198.53.245 1 198.53.60 16 198.80.69 3 199.166.210 128 199.240.101 242 199.240.102 100 199.240.105 7 199.240.106 7 199.240.111 10 199.240.88 9 199.240.89 1 199.240.91 13 199.240.92 26 199.240.95 10 199.95.228 4 203.146.0 29 203.146.1 1 204.116.46 22 204.140.35 751 204.140.40 25 204.141.16 74 204.141.18 7 204.141.19 18 204.141.22 28 204.160.216 3 204.160.95 5 204.161.112 166 204.161.113 563 204.161.114 27 204.161.117 84 204.161.118 44 204.161.121 157 204.161.125 33 204.161.126 40 204.161.61 395 204.162.80 11 204.162.81 494 204.162.84 18 204.162.86 19 204.165.80 165 204.167.132 5 204.169.58 104 204.169.59 428 204.174.124 147 204.174.127 14 204.174.56 24 204.174.57 42 204.174.58 3 204.174.59 3 204.174.67 2 204.177.145 126 204.179.121 6 204.181.40 54 204.181.41 146 204.181.42 8 204.183.36 11 204.187.84 523 204.189.216 7 204.19.106 9 204.191.124 56 204.199.101 113 204.199.104 312 204.199.105 43 204.199.106 150 204.199.107 174 204.199.111 21 204.213.184 9 204.216.86 1831 204.229.43 1 204.229.44 3 204.247.19 4 204.249.16 195 204.28.16 96 204.28.17 105 204.28.28 3 204.30.35 435 204.33.28 40 204.38.20 405 204.50.128 5 204.50.14 4 204.64.22 104 204.64.23 44 204.65.223 14 204.70.120 7 204.70.162 10 204.70.226 11 204.70.38 4 204.70.43 6 204.72.14 10 204.72.15 11 204.80.117 51 204.96.111 6 204.97.64 143 204.99.23 152 204.99.27 15 205.125.0 10 205.125.55 115 205.147.0 5 205.148.1 324 205.150.206 2 205.152.0 256 205.152.2 16 205.152.3 114 205.158.49 15 205.160.5 45 205.161.128 5 205.161.129 134 205.161.53 39 205.166.62 148 205.178.8 164 205.179.19 23554 205.179.9 4 205.180.85 8 205.184.109 940 205.184.92 19 205.185.133 143 205.187.76 230 205.189.135 4342 205.203.68 15 205.203.70 4 205.203.72 22 205.203.73 5 205.203.74 3 205.203.75 1 205.211.26 209 205.211.42 2 205.211.51 4 205.211.53 67 205.217.247 4 205.218.128 245 205.218.129 287 205.218.18 7758 205.218.30 3 205.219.139 12 205.221.40 374 205.225.26 53 205.225.27 101 205.225.28 59 205.225.30 322 205.226.117 46 205.227.130 45 205.227.131 52 205.230.30 46 205.231.82 416 205.232.11 135 205.232.33 136 205.232.8 161 205.237.48 28 205.244.114 6 205.244.33 39 205.244.34 124 205.246.74 18 205.246.78 120 205.246.79 139 206.1.179 215 206.105.235 104 206.105.236 118 206.105.238 122 206.105.239 88 206.115.150 109 206.13.16 3 206.13.17 5 206.142.240 1 206.142.241 2 206.142.248 5 206.161.74 6 206.166.123 4 206.171.16 4 206.181.100 22 206.181.122 9 206.181.161 30 206.220.140 9 206.220.141 27 206.24.41 12 206.29.86 218 206.29.87 57 206.34.91 19 206.41.10 8 206.81.130 6 206.9.156 10 206.9.158 18 206.98.165 70 207.0.0 197 207.0.17 53 207.0.18 102 207.0.84 11 207.0.88 41 207.0.90 25 207.0.91 29 207.102.100 103 207.102.93 4 207.104.20 53 207.106.33 5 207.106.35 266 207.107.247 7 207.111.23 45 207.112.240 5 207.120.45 23 207.124.104 7 207.13.5 71 207.137.76 10 207.137.77 209 207.152.190 8 207.152.64 381 207.154.12 63 207.154.14 9 207.155.151 45 207.155.64 295 207.159.159 1 207.161.8 102 207.163.159 2 207.163.87 80 207.164.167 89 207.164.49 317 207.165.237 24 207.17.13 75 207.172.67 4 207.174.20 112 207.174.32 1 207.174.33 228 207.174.38 9 207.174.47 80 207.174.57 54 207.176.252 2 207.194.0 17 207.194.8 324 207.196.0 92 207.196.74 10 207.198.129 17 207.201.200 26 207.203.120 55 207.203.121 19 207.203.122 10 207.204.135 179 207.205.1 11 207.205.8 266 207.207.8 3 207.21.176 8 207.21.26 10 207.213.36 220 207.213.41 19 207.213.42 44 207.213.44 20 207.214.49 32 207.216.80 35 207.222.28 25 207.229.86 147 207.230.32 100 207.230.34 8 207.230.35 20 207.230.36 2 207.230.48 10 207.230.49 22 207.230.50 7 207.230.64 17 207.230.75 22 207.230.86 35 207.230.90 12 207.230.95 12 207.231.66 6 207.233.86 42 207.233.87 40 207.233.88 50 207.236.112 30 207.238.129 11 207.238.143 99 207.240.1 4 207.240.103 26 207.240.12 4 207.240.121 23 207.240.127 49 207.240.161 13 207.240.166 8 207.240.167 10 207.240.2 2 207.240.229 15 207.240.230 15 207.25.245 12 207.253.253 106 207.28.162 159 207.28.163 121 207.28.174 88 207.28.175 121 207.31.21 13 207.31.32 16 207.31.58 9 207.32.71 838 207.38.1 7 207.38.3 131 207.38.67 10 207.41.22 290 207.45.207 13 207.45.209 9 207.49.194 10 207.49.195 23 207.49.201 11 207.5.61 227 207.51.37 30 207.51.47 6 207.53.0 22 207.53.1 37 207.53.2 31 207.53.3 29 207.53.4 30 207.53.5 31 207.53.6 26 207.53.7 25 207.59.20 74 207.60.152 49 207.63.129 107 207.63.130 217 207.63.138 390 207.63.139 440 207.67.1 28 207.7.34 1 207.7.37 699 207.73.10 14 207.76.25 236 207.76.26 784 207.76.27 152 207.76.28 210 207.76.29 215 207.78.73 2977 207.79.140 5 207.8.5 8 207.87.20 64 207.87.97 6 207.87.98 44 207.88.160 9 207.88.167 23 207.88.25 19 207.95.103 5 207.97.9 7 207.98.156 311 207.98.159 31 207.99.122 2 207.99.123 81 207.99.47 13 207.99.72 5 208.132.69 7 208.133.50 92 208.133.51 511 208.144.84 5 208.144.90 13 208.147.0 73 208.147.1 161 208.147.4 31 208.149.198 2 208.150.63 9 208.153.0 11 208.153.1 37 208.153.12 7 208.158.112 25 208.158.121 14 208.159.7 38 208.16.33 360 208.160.130 8 208.160.133 4 208.160.135 2 208.161.49 1 208.162.64 5 208.18.85 463 208.22.66 247 208.22.73 5 208.220.70 266 208.222.92 229 208.224.90 90 208.228.231 19 208.24.32 3 208.29.42 4 208.5.61 54 209.100.136 2 209.123.11 13 209.135.249 450 209.144.96 8 209.150.128 353 209.156.2 109 209.156.5 5 209.16.211 4 209.17.150 2 209.174.6 145 209.174.7 130 209.192.11 10 209.196.128 18 209.196.150 13 209.196.153 28 209.2.160 48 209.29.49 3 209.36.210 91 209.44.32 1 209.5.21 102 209.51.161 9 209.56.166 24 209.64.228 5 209.64.250 2 209.64.251 3 209.7.78 27 209.7.79 24 209.72.12 10 209.72.52 113 209.74.134 7 209.74.143 5 209.74.152 6 209.74.155 4 209.74.175 19 209.82.54 912 209.98.16 51 209.98.17 18 209.98.2 15 209.98.20 17 209.98.21 15 209.98.30 15
Would it be possible to take the amplifier list and publish an abbreviated version sorted by origin AS (will need a BGP lookup). So you see entries like: AS22222: 222.222.0.0/16, 234.234.234.0/24 .... AS22233: 111.111.0.0/16 etc. That way anyone who cares about their network can look and see if their AS or any they transit is in there. I can certainly recognize the former and can remember many of the latter. I can't remember all my net blocks, nor the names of my customers, nor indeed my customer's customers. If I have smurf-reflector-nonresistant downstreams even by customer, I for one would help put pressure on these guys to clear it up especially as otherwise I'm going to get whinges about poor connectivity if they are on Karl's list. The publicly available looking-glass code will get a Cisco to do a show ip b from perl. -- Alex Bligh GX Networks (formerly Xara Networks)
If this was to be done, how about including the actual amplifier addresses used instead of just the network number. It would help to detect when the problem has been fixed. On Fri, 1 May 1998, Alex Bligh wrote:
Would it be possible to take the amplifier list and publish an abbreviated version sorted by origin AS (will need a BGP lookup).
So you see entries like:
AS22222: 222.222.0.0/16, 234.234.234.0/24 .... AS22233: 111.111.0.0/16
etc.
That way anyone who cares about their network can look and see if their AS or any they transit is in there. I can certainly recognize the former and can remember many of the latter. I can't remember all my net blocks, nor the names of my customers, nor indeed my customer's customers. If I have smurf-reflector-nonresistant downstreams even by customer, I for one would help put pressure on these guys to clear it up especially as otherwise I'm going to get whinges about poor connectivity if they are on Karl's list.
The publicly available looking-glass code will get a Cisco to do a show ip b from perl.
-- Alex Bligh GX Networks (formerly Xara Networks)
Brandon Ross Network Engineering 404-815-0770 800-719-4664 Director, Network Engineering, MindSpring Ent., Inc. info@mindspring.com AOL Instant Messenger: Brandon NR ICQ: 2269442
On Fri, 1 May 1998, chris wrote:
Here's a small subset of a packet log received from a rather large attack Friday. The second field is the number of packets received from the /24s in the time the log spans.
Some of the addresses are interesting; for example, the handful of 10.* blocks; however, I did receive icmp echo_reply traffic from them.
<SNIP>
204.162.80 11
This was behind a 56K frame link, it is now fixed.
204.162.81 494
What the #$%^& is this? This is a class C which is divided into a /25 and two /26's. One of the /26's was open (not any more). If the number at the end is the quantity of hosts the program collecting data needs to be checked. If this number is something else please specify.
204.162.84 18
One of my compatriots had a /27 which was open. It should be closed now.
204.162.86 19
Behind a 56K but now fixed. I have turned off ip directed broadcasts on all links in our network so the 204.162.80.0/21 netblock should be clean. Is Karl adding these to his list? If so do we need to go through the normal contact procedure (call MCS's NOC) to be removed? bye, ken emery
participants (8)
-
Alex Bligh
-
Brandon Ross
-
chris
-
Daniele Orlandi
-
ken emery
-
Martin, Christian
-
Phillip Vandry
-
tim@alpha.net