nanog mailing list archives

Re: Smurfable Networks


From: "Richard Thomas" <buglord () ex-pressnet com>
Date: Thu, 23 Jul 1998 02:58:57 -0400

-----Original Message-----
From: Brian Horvitz <horvitz () shore net>
To: Richard Thomas <buglord () ex-pressnet com>
Cc: nanog () merit edu <nanog () merit edu>
Date: Wednesday, July 22, 1998 2:51 PM
Subject: Re: Smurfable Networks


Actually, it turns out that some of what I posted were only echo replies
from single hosts.  This was indeed a real smurf... at one point we were
pulling about 50 Meg over 3 T3s.  The error I made was in generating the
list of amplifier networks from my log files.  Networks with even one
single echo reply to the target address were included in the list.  Such
was the case with the net 12 entries - each one corresponded only to one
IP address, not a whole network's worth.

I tried about 30 from the list and didn't get a single dupe, but anyhow,
check out SmurfLog v1.1 available at http://www.sy.net/security by yours
truly, a much better way to gather only the guilty without generating 2 gig
log files in the process.
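
The list-building error described in this message, shown as an added example that is not part of the original post and is not SmurfLog's code: count distinct responding hosts per source network instead of listing every network that produced a reply. The log format, the /24 grouping, the `min_hosts` threshold and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (hypothetical log format, documentation addresses).
SAMPLE_LOG = """\
Jul 22 14:01:07 deny icmp 198.51.100.5 -> 203.0.113.10 echo-reply
Jul 22 14:01:07 deny icmp 198.51.100.17 -> 203.0.113.10 echo-reply
Jul 22 14:01:07 deny icmp 198.51.100.200 -> 203.0.113.10 echo-reply
Jul 22 14:01:08 deny icmp 198.51.100.5 -> 203.0.113.10 echo-reply
Jul 22 14:01:08 deny icmp 192.0.2.44 -> 203.0.113.10 echo-reply
Jul 22 14:01:09 deny icmp 192.0.2.44 -> 203.0.113.10 echo-reply
Jul 22 14:01:09 deny icmp 192.0.2.44 -> 203.0.113.10 echo-reply
Jul 22 14:01:09 deny tcp 192.0.2.99 -> 203.0.113.10 syn
"""

LINE_RE = re.compile(r"icmp (\S+) -> (\S+) echo-reply")


def responders_by_network(log_text, target, prefix_len=24):
    """Map each source network to the set of distinct hosts that replied to target."""
    nets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(2) != target:
            continue  # not an echo reply aimed at the address under attack
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field; skip the line
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        nets[net].add(src)  # a set, so repeated replies from one host count once
    return nets


def classify(log_text, target, min_hosts=3, prefix_len=24):
    """Split source networks into likely amplifiers and single-host responders."""
    amplifiers, single_hosts = {}, {}
    for net, hosts in responders_by_network(log_text, target, prefix_len).items():
        bucket = amplifiers if len(hosts) >= min_hosts else single_hosts
        bucket[str(net)] = [str(h) for h in sorted(hosts)]
    return amplifiers, single_hosts


if __name__ == "__main__":
    amps, singles = classify(SAMPLE_LOG, "203.0.113.10")
    print("amplifier networks:", amps)
    print("single-host responders:", singles)
```

Setting `min_hosts=1` reproduces the over-inclusive list: every network with a single echo reply to the target is reported as an amplifier.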



