Re: SMURF amplifier block list

["Alex P. Rudnev" <alex () Relcom EU net>]

I do not know. I think it's urgent nessecaty to create some method to 
back-trace any SRC address, realised (at least) by CISCO, because it's 
clean we are not ready (we - hw. vendors, CEF is too new and unchecked 
futore and do not work at middle-class routers and access-servers where 
it's place for the SRC filtering) to make strict src-filtering at the 
customer-links level.




On Sun, 19 Apr 1998 jlixfeld () idirect ca wrote:

> Date: Sun, 19 Apr 1998 18:48:32 -0400 (EDT)
> From: jlixfeld () idirect ca
> To: "Alex P. Rudnev" <alex () Relcom EU net>
> Cc: Dan Boehlke <dboehlke () mr net>, Dean Anderson <dean () av8 com>,
>     nanog () merit edu
> Subject: Re: SMURF amplifier block list
>
> Cisco has a method of tracing SMuRF, do they not?  Anyone know how they do
> it?!  Is it some imbedded thing, or do they call the owners of each
> network and pray that they have Ciscos?
>
> On Sat, 18 Apr 1998, Alex P. Rudnev wrote:
>
> :> What about people who didn't subnet their class B on the eight bit 
> :> boundry, but made larger subnets instead?  What about the class B that 
> :> doesn't appear to be subnetted at all?  What about supernetted class C 
> :> networks?  A trailing .255 can be a valid host.
> :And what's worng? If they di nit subnet their B network, the tail of 
> :address should be .255 too.
> :
> :If someone have particular .255 host - OK, you should not be able to ping 
> :it, not more. The small fee for the free-of-smurfing-from-your-network.
> :
> :> > Why don't use the filter
> :> > 
> :> >  deny icmp any 0.0.0.255 255.255.255.0 echo-request
> :Just now, USA's ISP seems to be absolutely helpless facing SMURF. A lot 
> :of networks do not block aroadcast echo-request's; no one even know how 
> :to trace thos 'echo-request' packets by their network... may be I am 
> :wrong, and it's because there is _a lot of ISP_ there, and even a few af 
> :them who do not know how to fight against SMURF compose a good backet - I 
> :do not know. 
> :
> :Really; does anyone know any sucsessfull attempts to search for the 
> :smurfer? What penalty was provided for this hackers? Does exist some 
> :legitimate way to establish a lawsuite against them (when they'll be 
> :located - last is the only matter of qualification for their nearest ISP, 
> :not more).
> :
> :
>
> --
> Regards,  
>
> Jason A. Lixfeld             jlixfeld () idirect ca
> iDirect Network Operations   jlixfeld () torontointernetxchange net
>
> ---------------------------------------------------------------------
> TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
> Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
> 5415 Dundas Street West      | http://www.torontointernetxchange.net
> Suite 301, Toronto Ontario   | (416) 236-5806      (T)
> M9B-1B5 CANADA               | (416) 236-5804        (F)
> ---------------------------------------------------------------------

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)