North American Network Operators Group
netscan.org being smurfed?
- From: Dalvenjah FoxFire
- Date: Tue Feb 02 22:23:25 1999
So it had to happen. http://netscan.org - the site listing all the current
broadcast relays usable in smurf attacks - currently appears to be
traceroute to netscan.org (18.104.22.168), 30 hops max, 40 byte packets
6 mae-west-ames.exodus.net (22.214.171.124) 18 ms 18 ms 20 ms
7 scca-02-h4-1-0.core.exodus.net (126.96.36.199) 18 ms 21 ms 19 ms
8 bbr02-p0-0.sntc01.exodus.net (188.8.131.52) 34 ms 34 ms *
9 * bbr01-p5-0.sntc03.exodus.net (184.108.40.206) 29 ms 33 ms
10 dcr01-p00000.sttl01.exodus.net (220.127.116.11) 66 ms 69 ms 66 ms
11 18.104.22.168 (22.214.171.124) 100 ms 108 ms *
12 * * *
% ping -s netscan.org
PING netscan.org: 56 data bytes
----netscan.org PING Statistics----
2 packets transmitted, 0 packets received, 100% packet loss
% ping -s 126.96.36.199
PING 188.8.131.52: 56 data bytes
64 bytes from 184.108.40.206: icmp_seq=3. time=491. ms
64 bytes from 220.127.116.11: icmp_seq=7. time=89. ms
----18.104.22.168 PING Statistics----
9 packets transmitted, 2 packets received, 77% packet loss
round-trip (ms) min/avg/max = 89/290/491
% ping -s 22.214.171.124
PING 126.96.36.199: 56 data bytes
64 bytes from dcr01-p00000.sttl01.exodus.net (188.8.131.52): icmp_seq=0. time=167. ms
64 bytes from dcr01-p00000.sttl01.exodus.net (184.108.40.206): icmp_seq=1. time=68. ms
----220.127.116.11 PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max = 68/117/167
Since I can't afford a lawyer to actually go after these negligents who
can't seem to figure out that security is a part of being on the internet,
I'm going to post a small rant here, again.
Folks, it's not that hard to go to netscan.org (when it's not being smurfed),
enter your subnets, and look to see if they give broadcasts. Heck, you could
even automate it with a simple perl script. Give the task to one of your noc
operators or something. Check your subnets, and your customers' subnets.
And for those big ISPs out there who are getting targeted by smurf attacks,
how about making your lawyers earn their keep and filing suit against the
intermediaries for such things as gross negligence, anticompetitive
practices, etc. etc. (note: I am not a lawyer). Have them get creative;
I'm sure they're bored just sitting around poring over contracts all day.
Talk to your managers. Make it a priority. But GET IT FIXED.
I also advise you to fix the problem now, while the targets are still
everyday users, and not 2 years from now, when Joe Achmed Terrorist
discovers how easy it is to take down the Pentagon from a UUnet dialup
or a cable modem. Then, the FBI/CIA/military will come and fix it for you.
(After they fix their own networks, of course }:P ).
P.S. Why am I sending this here? Because despite the fact that everyone on
this list is in theory clueful, all the networks on netscan.org are
customers of one of the big backbones or another, most of whom seem to have
at least a minor presence on this list. If you have friends or contacts
at backbones or ISPs who don't have a presence on nanog, forward away.
If they are your customers, FIX THEM. You cannot get by with "they are
responsible for their own networks" forever. Someone has to take
responsibility. You should, before someone passes a law to force it
Dalvenjah FoxFire (aka Sven Nielsen)
Founder, the DALnet IRC Network
e-mail: firstname.lastname@example.org
WWW: http://www.dal.net/~dalvenjah/
whois: SN90

DOS computers are by far the most popular worldwide. Macintosh fans, on the other hand, may note that cockroaches are far more numerous than humans, and that numbers alone do not denote a higher life form.