Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMURF amplifier block list

  • From: Michael Shields
  • Date: Mon Apr 13 06:28:24 1998

In article <Pine.BSI.3.93.980412085359.7879a-100000@sidhe.memra.com>,
Michael Dillon <michael@memra.com> wrote:
> If Karl will supply us the IP address of a non-critical machine in his
> network then we only need one list maintained. Anyone can then add new
> networks to Karl's list simply by smurfing his non-critical machine and it
> will still meet his criteria of a verified atack.

Careful.  I could, from a well-connected machine, launch a stream of
forged ICMP echo replies from various 199.166.227.x addresses.  This
would cause it to look like junction.net was the source of a smurf,
and cause them to be blocked.

Well, in the case of junction.net, there is no such forgery needed.

    ~$ host www.memra.com
    www.memra.com           A       199.166.227.56
    ~$ ping 199.166.227.255
    PING 199.166.227.255 (199.166.227.255): 56 data bytes
    64 bytes from 134.87.109.226: icmp_seq=0 ttl=243 time=110.2 ms
    64 bytes from 199.166.227.41: icmp_seq=0 ttl=51 time=111.0 ms (DUP!)
    64 bytes from 199.166.227.32: icmp_seq=0 ttl=242 time=112.2 ms (DUP!)
    64 bytes from 199.166.227.54: icmp_seq=0 ttl=51 time=112.8 ms (DUP!)
    64 bytes from 199.166.227.5: icmp_seq=0 ttl=51 time=113.7 ms (DUP!)
    64 bytes from 199.166.227.27: icmp_seq=0 ttl=51 time=114.3 ms (DUP!)
    64 bytes from 199.166.227.22: icmp_seq=0 ttl=51 time=115.0 ms (DUP!)
    64 bytes from 199.166.227.1: icmp_seq=0 ttl=51 time=115.7 ms (DUP!)
    64 bytes from 199.166.227.12: icmp_seq=0 ttl=242 time=116.4 ms (DUP!)
    64 bytes from 199.166.227.19: icmp_seq=0 ttl=51 time=117.0 ms (DUP!)
    64 bytes from 199.166.227.21: icmp_seq=0 ttl=242 time=117.7 ms (DUP!)
    64 bytes from 199.166.227.28: icmp_seq=0 ttl=51 time=118.3 ms (DUP!)
    64 bytes from 199.166.227.26: icmp_seq=0 ttl=242 time=119.0 ms (DUP!)

    --- 199.166.227.255 ping statistics ---
    1 packets transmitted, 1 packets received, +12 duplicates, 0% packet loss
    round-trip min/avg/max = 110.2/114.8/119.0 ms

-- 
Shields, CrossLink.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.