Something on the order of 100 networks all tried to send as many echo
response packets as possible down a little 56Kb pipe on my network
today (from ~19:00 - 21:00 GMT today, 27 March 1998) and I couldn't
reach a single network-owning site to get it shut down because ALL of
the networks abused were in the Asian Pacific area, where it was NOT
business hours. So the individual numbers listed with the various
NICs were useless & the main numbers were rather difficult to find
and/or parse from the POV of another country.
Needless to say, I did not have any fun today.
And, although it is very tempting to just post the list of networks
that were abused I decided not to (instead, I contacted our peers who
are upstream of the various networks and asked them to educate their
downstreams because we've noticed an increase in attacks every time
someone posts a list of vulnerable networks to NANOG).
But I would like to forward this subset of the networks I pulled out
of my accounting data during the attack and post them here as MY VOTE
on why using RFC 1918 nets on an exterior net can be a Bad Idea:
10.15.1.254
10.21.1.11
10.21.1.90
10.21.1.191
10.21.1.193
10.21.1.195
10.21.1.196
10.21.1.197
10.21.1.199
10.21.1.200
10.21.1.201
10.21.1.202
10.21.1.203
10.21.1.205
10.21.1.206
10.21.1.207
10.21.1.208
10.21.1.209
10.21.2.53
10.21.2.100
127.0.0.2
172.16.31.3
172.16.31.10
172.16.31.11
172.16.31.249
172.16.71.11
172.16.71.12
172.16.71.180
192.168.1.1
Regards,
Kelly J.