Security Basics mailing list archives
RE: Is anyone else seeing SMURF ?
From: "Dougal McWhinney" <dmcwhinney () qmag com au>
Date: Wed, 27 Aug 2003 08:03:01 +1000
Hi All, We appear to be having a lot of ICMP packets from outside port 8 to port 0 on our mail server. Our mail server is rejecting them, but is this part of a SMURF attack?? Regards, Dougal. -----Original Message----- From: Jamie Pratt [mailto:jamie () nucdc org] Sent: Wednesday, August 27, 2003 4:06 AM To: security-basics () securityfocus com Subject: Re: Is anyone else seeing SMURF ? Unfortunately, this smurf business may be old, but not gone.. Worst part is due to the nature of these attacks, you can't find the real source ip's - (thank the irc script-kiddies obviously.. who else would be so bored?) - they are apparently using these (and probably other) networks as 'smurf amplifiers':: http://www.powertech.no/smurf jamie Logan Rogers-Follis - TNTNetworx.net wrote:
Sean, I see about 50+ of these a day if I leave my PC on all the
time....of
course they are alwasy stopped by my firewall, but there still
annoying
because they fill up my logs. I see them from all different IP's even
though I just recently moved myself into a new Class C netblock (no
one
else is in it except a Cisco Router). So I would also be interested
to
know if anyone knows why, just cause it annoying :-P Though I have never bother to check there IP's for location (I know a good chunk of the NEtblocks licensed to my region, so I'll see what I find. Are these different IP's in the same Class B as you? Logan SVater () oh hra com wrote:Over the last month, I increasing numbers of Smurf trying to come in on my home firewall, all on Port 0. From what I have seen & read, this is
a
pretty old vulnerability that has been patched. Is this a new hole? I
went from seeing one in a month to 40 (different IPs) just this weekend
over a
72 hr period. All coming from my local area (guessing just on the
info
that I pull from GeoBytes.com). Anyone else seeing this ? Sean "Eagles may soar but weasels don't get sucked into jet engines."
Steven
Wright
------------------------------------------------------------------------ --- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- The information contained in this e-mail communication may be confidential. You should only read, disclose, re-transmit, copy, distribute, act in reliance on or commercialise the information if you are authorised to do so. If you are not the intended recipient of this e-mail communication, please immediately notify the sender directly (PH: +61 7 4920 0200) and then destroy any electronic or paper copy of this message. Virus protection procedures are in place at QMAG but the company does not warrant that this e-mail is virus free and recommends that the recipient undertake their own virus detection measures. --------------------------------------------------------------------------- SAFETY IS EVERYONE'S RESPONSIBILITY --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Is anyone else seeing SMURF ? SVater (Aug 26)
- Re: Is anyone else seeing SMURF ? Logan Rogers-Follis - TNTNetworx.net (Aug 26)
- Re: Is anyone else seeing SMURF ? Jamie Pratt (Aug 26)
- RE: Is anyone else seeing SMURF ? Dougal McWhinney (Aug 27)
- Re: Is anyone else seeing SMURF ? Ramiro Alejos (Aug 27)
- Re: Is anyone else seeing SMURF ? Logan Rogers-Follis (Aug 27)
- Re: Is anyone else seeing SMURF ? Jamie Pratt (Aug 26)
- Re: Is anyone else seeing SMURF ? Tomas Wolf (Aug 27)
- Re: Is anyone else seeing SMURF ? blather (Aug 27)
- Re: Is anyone else seeing SMURF ? GSimmonds (Aug 28)
- <Possible follow-ups>
- RE: Is anyone else seeing SMURF ? Jeremy Counter (Aug 26)
- Re: Is anyone else seeing SMURF ? Logan Rogers-Follis - TNTNetworx.net (Aug 26)