Home page logo
/

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: Marc Slemko <marcs () znep com>
Date: Sun, 12 Apr 1998 00:03:00 -0600 (MDT)

On Sun, 12 Apr 1998, Karl Denninger wrote:

[...]
The folks who can source significant smurfs today are NOT Joe's T1 and Grill.
They are NATIONAL and INTERNATIONAL ISPs who damn well ought to know how to 
prevent this and why they should.  The guy with a T1 can't hit us hard
enough to even show up on our monitors.  To make my blacklist you have to
hit me with enough bandwidth that we *see* the problem, and that means
you're at least mid-fractional-DS3 connected.

And that is a very important point here.  While trying to fix every
network that can be used for smurf attacks would be a very difficult or
even futile attempt, every network that can be used for smurf attacks
isn't the issue.  Yes, it is still bad, but as Karl says no matter what
they do, smurf replies originating from a T1 connected network can't take
down a moderate backbone without special effort.  (ie. exploiting some
other hole other than just flooding the bandwidth)

Any sort of pressure that can be exerted to fix the well connected
networks that cause problems, including public flogging, is appropriate.
Also note that the networks that can cause real problems should have staff
capable of fixing the problem without any hassles, although should and do
are very different.  The best part of all this is that the people that
refuse to take action to stop their networks being used in this manner are
wasting their own bandwidth and quite possibly a lot of money. 

Karl can be quite persistent in flogging dead (or nonexistent) horses, but
I think it is a good thing he is flogging this one.




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]