SMURF amplifier block list

Marc Slemko marcs at
Sun Apr 12 06:03:00 UTC 1998

On Sun, 12 Apr 1998, Karl Denninger wrote:

> The folks who can source significant smurfs today are NOT Joe's T1 and Grill.
> They are NATIONAL and INTERNATIONAL ISPs who damn well ought to know how to 
> prevent this and why they should.  The guy with a T1 can't hit us hard
> enough to even show up on our monitors.  To make my blacklist you have to
> hit me with enough bandwidth that we *see* the problem, and that means
> you're at least mid-fractional-DS3 connected.

And that is a very important point here.  While trying to fix every
network that can be used for smurf attacks would be a very difficult or
even futile attempt, every network that can be used for smurf attacks
isn't the issue.  Yes, it is still bad, but as Karl says no matter what
they do, smurf replies originating from a T1 connected network can't take
down a moderate backbone without special effort.  (ie. exploiting some
other hole other than just flooding the bandwidth)

Any sort of pressure that can be exerted to fix the well connected
networks that cause problems, including public flogging, is appropriate.
Also note that the networks that can cause real problems should have staff
capable of fixing the problem without any hassles, although should and do
are very different.  The best part of all this is that the people that
refuse to take action to stop their networks being used in this manner are
wasting their own bandwidth and quite possibly a lot of money. 

Karl can be quite persistent in flogging dead (or nonexistent) horses, but
I think it is a good thing he is flogging this one.

More information about the NANOG mailing list