Re: SMURF amplifier block list

From: Karl Denninger (no email)
Date: Sun Apr 12 1998 - 15:59:16 EDT

On Sun, Apr 12, 1998 at 12:35:44PM -0700, Craig A. Huegen wrote:
> On Sun, 12 Apr 1998, Alex P. Rudnev wrote:
> ==>Remember, this intruders use small ISP as their service providers, not
> ==>huge MCI or SPRINT.
> Actually, the majority of these people use compromised root accounts in
> educational institutions, educational residence halls w/ Ethernet,
> enterprises w/o decent firewalls, and co-location machines.
> There are lists which exist of over 200-300 compromised root accounts and
> access capabilities from which someone can launch an attack.
> /cah

Yep. But the point still remains that if you can't get the traffic out of
the source network a smurf attempt doesn't work.

Those "educational" sites which allow residence hall connections to launch
this kind of thing deserve to be permanently black-holed from the Internet
until they fix things. And yes, I know this means they'll have to spend
money. Tough cookies. This is NOT an unsolvable problem (I can solve it
with a $1,000 PC running IPFW between the residence hall Ethernet and the
rest of the campus, or a few statements in a CISCO config) so people saying
its an intractable problem are lying.


Karl Denninger ()| MCSNet - Serving Chicagoland and Wisconsin          | T1's from $600 monthly / All Lines K56Flex/DOV
			     | NEW! Corporate ISDN Prices dropped by up to 50%!
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost

Hosted Email Solutions

Invaluement Anti-Spam DNSBLs

Powered By FreeBSD   Powered By FreeBSD