Reporting Little Blue Men

• Previous message (by thread): Reporting Little Blue Men
• Next message (by thread): Reporting Little Blue Men
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue 20 Jan, Eric Wieling wrote:
> Just about every night someone(s) tries to use us as the "innocent
> third party" in smurf attacks.  Of course, we block and log all the
> broadcast packets.
> 
> Is there any point in trying to report these attacks?  Who would we
> report them to?  We don't know what the source is, after all the
> address is spoofed.  It seems kind of pointless to notify the victim
> -- they already know they have been smurfed.
> 
> I want to do my part to try to stop attacks, but I'm baffled on this
> one.

If you can tell which interface it enters your network (and from which router
if at an exchange) notify the next hop towards the source... then if they
follw the same procdure eventually the culprit may be found...

aid


-- 
Adrian J Bool			| mailto:aid at u-net.net
Network Operations		| http://www.noc.u-net.net/
U-NET Ltd, UK			| tel://44.1925.484461/

• Previous message (by thread): Reporting Little Blue Men
• Next message (by thread): Reporting Little Blue Men
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]