Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

netscan.org being smurfed?

  • From: Dalvenjah FoxFire
  • Date: Tue Feb 02 22:23:25 1999

So it had to happen. http://netscan.org - the site listing all the current
broadcast relays usable in smurf attacks - currently appears to be
getting smurfed.

traceroute to netscan.org (216.32.4.105), 30 hops max, 40 byte packets
[...]
 6  mae-west-ames.exodus.net (198.32.136.113)  18 ms  18 ms  20 ms
 7  scca-02-h4-1-0.core.exodus.net (209.1.10.165)  18 ms  21 ms  19 ms
 8  bbr02-p0-0.sntc01.exodus.net (209.1.169.49)  34 ms  34 ms *
 9  * bbr01-p5-0.sntc03.exodus.net (209.185.249.142)  29 ms  33 ms
10  dcr01-p00000.sttl01.exodus.net (209.185.9.186)  66 ms  69 ms  66 ms
11  209.67.64.21 (209.67.64.21)  100 ms  108 ms *
12  * * *

% ping -s netscan.org
PING netscan.org: 56 data bytes
^C
----netscan.org PING Statistics----
2 packets transmitted, 0 packets received, 100% packet loss

% ping -s 209.67.64.21
PING 209.67.64.21: 56 data bytes
64 bytes from 209.67.64.21: icmp_seq=3. time=491. ms
64 bytes from 209.67.64.21: icmp_seq=7. time=89. ms
^C
----209.67.64.21 PING Statistics----
9 packets transmitted, 2 packets received, 77% packet loss
round-trip (ms)  min/avg/max = 89/290/491

% ping -s 209.185.9.186
PING 209.185.9.186: 56 data bytes
64 bytes from dcr01-p00000.sttl01.exodus.net (209.185.9.186): icmp_seq=0. time=167. ms
64 bytes from dcr01-p00000.sttl01.exodus.net (209.185.9.186): icmp_seq=1. time=68. ms
^C
----209.185.9.186 PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 68/117/167

Since I can't afford a lawyer to actually go after these negligents who
can't seem to figure out that security is a part of being on the internet,
I'm going to post a small rant here, again.

Folks, it's not that hard to go to netscan.org (when it's not being smurfed),
enter your subnets, and look to see if they give broadcasts. Heck, you could
even automate it with a simple perl script. Give the task to one of your noc
operators or something. Check your subnets, and your customers' subnets.

And for those big ISPs out there who are getting targetted by smurf attacks,
how about making your lawyers earn their keep and filing suit against the
intermediaries for such things as gross negligence, anticompetitive
practices, etc. etc. (note: I am not a lawyer). Have them get creative;
I'm sure they're bored just sitting around poring over contracts all day.

Talk to your managers. Make it a priority. But GET IT FIXED.

I also advise you to fix the problem now, while the targets are still
everyday users, and not 2 years from now, when Joe Achmed Terrorist
discovers how easy it is to take down the pentagon from a UUnet dialup
or a cable modem. Then, the FBI/CIA/military will come and fix it for you.
(After they fix their own networks, of course }:P ).

-dalvenjah

P.S. Why am I sending this here? Because despite the fact that everyone on
this list is in theory clueful, all the networks on netscan.org are
customers of one of the big backbones or another, most of whom seem to have
at least a minor presence on this list. If you have friends or contacts
at backbones or ISPs who don't have a presence on nanog, forward away.
If they are your customers, FIX THEM. You cannot get by with "they are
responsible for their own networks" forever. Someone has to take
responsibility. You should, before someone passes a law to force it
upon you.

-- 
 Dalvenjah FoxFire (aka Sven Nielsen) DOS computers are by far the most popular
 Founder, the DALnet IRC Network      worldwide. Macintosh fans, on the other
                                      hand, may note that cockroaches are far
 e-mail: dalvenjah@dal.net            more numerous than humans, and that
 WWW: http://www.dal.net/~dalvenjah/  numbers alone do not denote a higher
 whois: SN90                          life form.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.