More smurf networks. FIX YOUR ROUTERS.

Hi folks,

I found a small list of smurf relays in a hacked account today and managed
to mail all those folks privately asking that they fix their routers. I
was reasonably proud of myself.

Then I found this list, full of 175 different networks. Nearly all the
ones I tried work, and the ones that didn't work didn't respond on other
IPs either, so I'm assuming unreachability. This is a fresh list from
an active smurfer, however, so it does work. (Boy, does it work. }:stuck_out_tongue: )

Since it would take me upwards of two weeks just to mail these folks -
unless I put off work, school, and the like - I determined it would be
much better to post the list to nanog and see what doesn't work after a
few weeks. (Translation: there is no way in hell I'm mailing all these
folks, not even with a script to try and parse all the internic/apnic/
whatever whois outputs.)

Yes, I realize this means that The Scum will start smurfing like crazy;
however, this also means that those networks will get fixed quicker
when they realize their outbound link is completely saturated with

Please pass this around, call folks you know, call folks you don't know,
do whatever it takes to get these folks to fix their routers. I have
spent the past week dealing with various smurfs taking down ISPs, and
I am getting extremely sick of it.

(Note, if you're fixed, and you're on this list, I apologize; again,
I don't have the time to check each and every address.)


Its not hard to block /24's at the core of your network

What about subnet assignments to customers using CPE that do not have
directed broadcast. Sure you can setup special filters for each subnet -
I'd find it hard to believe most large network operators do this because
of the admin overhead and low(er) potential impact from amplifiers.


Dalvenjah FoxFire wrote:



That is one of our customers;
i thought that i fixed all with "no ip directed-broadcast"
well. does anybody know how to implement a filter with
is denying the broadcast on a Ascend MAX 4000 Series (or even Pipe 50)
because they don't have ciscos :-(((

Any help appreciated!

Jan Czmok
Senior Network Engineer

The v6.0.2 software on the MAX lets you block directed broadcasts (last
option under the ethernet config). That version has been very stable for
me...does NSSA in OSPF too.


Jan Czmok wrote:

No Problem!The network is NOT LONGER a SMURF AMPIFIER - we fixed it
I think all of our routes are clean now...

  Muchas gracias. :slight_smile:

[NANOG OFF-TOPIC:] Another question: how about getting the irc server
connected to ?

  We look forward to hearing from you. :slight_smile: One note, we will shortly be
amending the application to indicate that the minimum number of users
your server would need to support is 1,500.