Smurf Prevention

Dalvenjah FoxFire dalvenjah at
Sun Jul 12 22:31:28 UTC 1998

On Mon, Jul 13, 1998 at 04:48:41AM -0400, Richard Thomas put this into my mailbox:

> Perhaps we might have some success preventing smurfs from the most common
> sources, hacked machines on university dorm networks, by getting the
> university backbones to filter spoofs. Things like SUnet, FUnet, NYSERnet,
> etc, account for a large portion of universities used to smurf from, and it
> might be easier then trying to get each school to filter individually. I
> found the following two addresses for nysernet and funet but was unable to
> read or translate the Swedish on

That's one solution. What might be a better solution would be if the Big Few
networks (MCI, Sprint, UUnet, etc.) were to take the list of smurf amplifiers
from something like the SAR, *verify* that they're still smurf amplifiers,
and then refuse to route traffic from those networks.

Not only would it cut the smurfs down cold, but it would also get the folks
responsible for those networks to fix things.

Then again, if the big-bandwidth folks cared about such things, perhaps they
would have done so already.

*dealing with the third 10M+ smurf this weekend, the 40th or so since May, and
 getting rather tired of it..*

 Dalvenjah FoxFire (aka Sven Nielsen) "Aristotle was not Belgian. The central
 Founder, the DALnet IRC Network      message of Buddhism is not 'every man
                                      for himself.' And the London Underground
 e-mail: dalvenjah at            is not a political movement."
 WWW:    -- Wanda, "A Fish Called Wanda"
 whois: SN90                          Try DALnet!

More information about the NANOG mailing list