The biggest I've ever found is 12.79.237.0, depending on the host you ping
it from you can get between 900-1200 dupes, all from 12.79.237.1 which
reverses to 1.new-york-60rs.ny.dial-access.att.net. I've mailed at&t about
this several times and have gotten no response.
On another note, I wrote a broadcast scanner about a month ago that scans
many ips in parallel so its quite fast. I took a swat at a fairly good sized
chunk of the internet in about 24 hours and spent the next week mailing
everyone with more then 10 dupes. The breakdown of replies was something
like this (out of 900 received):
40% thanking me for pointing out a router or broadcast they missed
30% from an uplink informing me they have done the filtering for a customer
10% auto-replies
9% from people who tried to tell me they were secured (they weren't) =)
3% complaints from MCI 'cause the mail was going to the wrong department
3% hate mail from people convinced I was flooding their network
3% from people telling me they no longer maintained those networks
1% people telling me that I just found a 200 dupe network on an isdn line.
1% misc. stuff
of the messages from people telling me they had patched themselves, 15% were
not or missed a broadcast (like filtering .255 and missing .0). However
after pointing this out I believe almost all were patched properly.
About 1 week later I manually tested some of the biggest broadcasts and
amazingly enough almost ALL were patched. Unfortunately despite this success
it seems my uplink received some rather nasty calls from people complaining
about the scanning, so I was unable to continue scanning from that location.
The slowest part of the process is the rwhois'ing of each /24, not to
mention the 10 min timeout after 100 or so rwhois lookups. I made a slight
effort to spread the load out among vhosts and to do parallel lookups but
wasn't able to get it functional.
The least responsive networks seem to be military based. I easily had 1000
networks on army.mil navy.mil or af.mil (large numbers of dupes btw) with
dud contact information.
If anyone has a system they can donate for scanning or would like to work on
a better anti-smurf project, let me know.
