Bugtraq mailing list archives

Re: netscan.org - broadcast ICMP list

From: jaeger () TEKNIQ NET (eric lindvall)
Date: Thu, 31 Dec 1998 15:21:41 -0800

:http://netscan.org has the first (relatively) complete database of ICMP
:directed broadcast networks ("smurf amplifiers").  All allocated IP addresses

:ending in .0 or .255 have been pinged and measured, so it's complete short of
:pinging the whole 'Net.



The people over at Smurf Amplifier Registry
( http://www.powertech.no/smurf/ ) have had such a project going for a
pretty long time:
--
32508 networks have been probed with the SAR
15969 of them are currently broken
7208 have been fixed after being listed here

Hmmm.  netscan.org reports 144,047 "broken" networks.  Either their
effort is on a higher order of magnitude than SAR's, or it all
depends on what the definition of "network" is....


Yes, it was on a higher order of magnitude. We probed 7,477,875 networks
in the course of a couple weeks. For simplicity's sake, and because the
``packet monkeys'' don't know any better, we only probed the /24 blocks,
sending pings to the .0 and .255 of the /24. For the next `round' we will
be allowing other CIDRs to be probed, and will be adding other features,
including seaches by AS number, and searches by netblock. We did not
release this information (or the entire list) immediatly, trying to give
the admins time to fix their networks, before the kiddies had a chance to
get at it.

Real-time probes are another feature we are looking into, but cannot be
implimented at our current hosted location.

I thank you all for your time and support of the project. We have received
a multitude of emails from people thanking us for the site, and telling us
of their network fixes.

 -eric


--
#define IRCNICK "vi"
#define URL "http://tekniq.net/";
#define PGPKEY "http://tekniq.net/pgpkey";
#define FINGERPRINT "42C6 CD74 110E ECAD 207D  1827 075A 2CEB 41AE 0E87"

main() {for(;;fork());}    /* run it sometime.. it's fun */

"If you can stick your finger in it, you can hang from it."
       --Andrew Hume, USENIX President, on security.

Current thread:

Re: netscan.org - broadcast ICMP list Fyodor (Dec 31)
- Deception Toolkit on SCO root6 (Jan 01)
- nmap can crash microsoft telnetd Tomas Halgas (Jan 02)
- Re: netscan.org - broadcast ICMP list Troy Davis (Jan 02)
- UNIX ELF PARASITES AND VIRUS silvio () BIG NET AU (Jan 02)
- <Possible follow-ups>
- Re: netscan.org - broadcast ICMP list Troy Davis (Dec 31)
- Re: netscan.org - broadcast ICMP list eric lindvall (Dec 31)