Security Basics mailing list archives

Re: Is anyone else seeing SMURF ?

From: Jamie Pratt <jamie () nucdc org>
Date: Tue, 26 Aug 2003 14:05:54 -0400

Unfortunately, this smurf business may be old, but not gone.. Worst partis due to the nature of these attacks, you can't find the real sourceip's - (thank the irc script-kiddies obviously.. who else would be sobored?) - they are apparently using these (and probably other) networksas 'smurf amplifiers'::


http://www.powertech.no/smurf

jamie

Logan Rogers-Follis - TNTNetworx.net wrote:

Sean,
I see about 50+ of these a day if I leave my PC on all the time....ofcourse they are alwasy stopped by my firewall, but there still annoyingbecause they fill up my logs. I see them from all different IP's eventhough I just recently moved myself into a new Class C netblock (no oneelse is in it except a Cisco Router). So I would also be interested toknow if anyone knows why, just cause it annoying :-P Though I havenever bother to check there IP's for location (I know a good chunk ofthe NEtblocks licensed to my region, so I'll see what I find.
   Are these different IP's in the same Class B as you?

Logan

SVater () oh hra com wrote:
Over the last month, I increasing numbers of Smurf trying to come inon my
home firewall, all on Port 0.  From what I have seen & read, this is a
pretty old vulnerability that has been patched. Is this a new hole? Iwent
from seeing one in a month to 40 (different IPs) just this weekend over a
72 hr period. All coming from my local area (guessing just on the infothat
I pull from GeoBytes.com).

Anyone else seeing this ?

Sean


"Eagles may soar but weasels don't get sucked into jet engines." Steven
Wright




---------------------------------------------------------------------------

Attend Black Hat Briefings & Training Federal, September 29-30 (Training),October 1-2 (Briefings) in Tysons Corner, VA; the world's premiertechnical IT security event. Modeled after the famous Black Hat event inLas Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com

----------------------------------------------------------------------------

Current thread:

Is anyone else seeing SMURF ? SVater (Aug 26)
- Re: Is anyone else seeing SMURF ? Logan Rogers-Follis - TNTNetworx.net (Aug 26)
  - Re: Is anyone else seeing SMURF ? Jamie Pratt (Aug 26)
    - RE: Is anyone else seeing SMURF ? Dougal McWhinney (Aug 27)
    - Re: Is anyone else seeing SMURF ? Ramiro Alejos (Aug 27)
    - Re: Is anyone else seeing SMURF ? Logan Rogers-Follis (Aug 27)
- Re: Is anyone else seeing SMURF ? Tomas Wolf (Aug 27)
  - Re: Is anyone else seeing SMURF ? blather (Aug 27)
- Re: Is anyone else seeing SMURF ? GSimmonds (Aug 28)
- <Possible follow-ups>
- RE: Is anyone else seeing SMURF ? Jeremy Counter (Aug 26)