So it had to happen. http://netscan.org - the site listing all the current broadcast relays usable in smurf attacks - currently appears to be getting smurfed.

traceroute to netscan.org (216.32.4.105), 30 hops max, 40 byte packets
[...]
 6 mae-west-ames.exodus.net (198.32.136.113) 18 ms 18 ms 20 ms
 7 scca-02-h4-1-0.core.exodus.net (209.1.10.165) 18 ms 21 ms 19 ms
 8 bbr02-p0-0.sntc01.exodus.net (209.1.169.49) 34 ms 34 ms *
 9 * bbr01-p5-0.sntc03.exodus.net (209.185.249.142) 29 ms 33 ms
10 dcr01-p00000.sttl01.exodus.net (209.185.9.186) 66 ms 69 ms 66 ms
11 209.67.64.21 (209.67.64.21) 100 ms 108 ms *
12 * * *

% ping -s netscan.org
PING netscan.org: 56 data bytes
^C
----netscan.org PING Statistics----
2 packets transmitted, 0 packets received, 100% packet loss

% ping -s 209.67.64.21
PING 209.67.64.21: 56 data bytes
64 bytes from 209.67.64.21: icmp_seq=3. time=491. ms
64 bytes from 209.67.64.21: icmp_seq=7. time=89. ms
^C
----209.67.64.21 PING Statistics----
9 packets transmitted, 2 packets received, 77% packet loss
round-trip (ms) min/avg/max = 89/290/491

% ping -s 209.185.9.186
PING 209.185.9.186: 56 data bytes
64 bytes from dcr01-p00000.sttl01.exodus.net (209.185.9.186): icmp_seq=0. time=167. ms
64 bytes from dcr01-p00000.sttl01.exodus.net (209.185.9.186): icmp_seq=1. time=68. ms
^C
----209.185.9.186 PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max = 68/117/167

Since I can't afford a lawyer to actually go after these negligents who can't seem to figure out that security is a part of being on the internet, I'm going to post a small rant here, again.

Folks, it's not that hard to go to netscan.org (when it's not being smurfed), enter your subnets, and look to see if they give broadcasts. Heck, you could even automate it with a simple perl script. Give the task to one of your noc operators or something. Check your subnets, and your customers' subnets.

And for those big ISPs out there who are getting targeted by smurf attacks, how about making your lawyers earn their keep and filing suit against the intermediaries for such things as gross negligence, anticompetitive practices, etc. etc. (note: I am not a lawyer). Have them get creative; I'm sure they're bored just sitting around poring over contracts all day.

Talk to your managers. Make it a priority. But GET IT FIXED.

I also advise you to fix the problem now, while the targets are still everyday users, and not 2 years from now, when Joe Achmed Terrorist discovers how easy it is to take down the pentagon from a UUnet dialup or a cable modem. Then, the FBI/CIA/military will come and fix it for you. (After they fix their own networks, of course }:P ).

-dalvenjah

P.S. Why am I sending this here? Because despite the fact that everyone on this list is in theory clueful, all the networks on netscan.org are customers of one of the big backbones or another, most of whom seem to have at least a minor presence on this list. If you have friends or contacts at backbones or ISPs who don't have a presence on nanog, forward away. If they are your customers, FIX THEM. You cannot get by with "they are responsible for their own networks" forever. Someone has to take responsibility. You should, before someone passes a law to force it upon you.

--
Dalvenjah FoxFire (aka Sven Nielsen)
Founder, the DALnet IRC Network
e-mail: dalvenjah@dal.net
WWW: http://www.dal.net/~dalvenjah/
whois: SN90

DOS computers are by far the most popular worldwide. Macintosh fans, on the other hand, may note that cockroaches are far more numerous than humans, and that numbers alone do not denote a higher life form.