nanog mailing list archives
Re: Smurfable Networks
From: "Richard Thomas" <buglord () ex-pressnet com>
Date: Thu, 23 Jul 1998 02:58:57 -0400
-----Original Message----- From: Brian Horvitz <horvitz () shore net> To: Richard Thomas <buglord () ex-pressnet com> Cc: nanog () merit edu <nanog () merit edu> Date: Wednesday, July 22, 1998 2:51 PM Subject: Re: Smurfable Networks
Actually, it turns out that a some of what I posted were only echo replies from single hosts. This was indeed a real smurf..at one point we were pulling about 50 Meg over 3 T3s. The error I made was in generating the list of amplifier networks from my log files. Networks with even one single echo reply to the target address were included in the list. Such was the case with the net 12 entries - each one corresponded only to one IP address, not a whole network worth.
I tried about 30 from the list and didn't get a single dupe, but anyhow, check out SmurfLog v1.1 available at http://www.sy.net/security by yours truly, a much better way to gather only the guilty without generating 2 gig log files in the process.
Current thread:
- Smurfable Networks Brian Horvitz (Jul 22)
- Re: Smurfable Networks Steven nash (Jul 22)
- Re: Smurfable Networks Robert Cooper (Jul 22)
- Re: Smurfable Networks Yung-Chao Yu (Jul 22)
- Re: Smurfable Networks Tim Kempka (Jul 22)
- Re: Smurfable Networks Louis Destree (Jul 22)
- <Possible follow-ups>
- Re: Smurfable Networks Richard Thomas (Jul 22)
- Re: Smurfable Networks Brian Horvitz (Jul 22)
- Re: Smurfable Networks Richard Thomas (Jul 22)