Huge smurf attack

Dalvenjah FoxFire dalvenjah at DAL.NET
Mon Jan 11 18:13:51 UTC 1999

On Mon, Jan 11, 1999 at 12:14:04PM -0500, Jeremiah Kristal put this into my mailbox:

> On Mon, 11 Jan 1999, Phil Howard wrote:
> <<snip discussion about how clueful operators filter RFC1918 addresses>>
> Granted it's not that large an amplifier, but it seems odd that
> even an RFC1918 network would be used as an amplifier for this long
> without someone finding and securing it.

If that were true, we wouldn't have smurf attacks at all. There are
still many, many clueless or otherwise incompetent ISPs and/or companies
out there (many of whom are large ISPs and/or telcos who should know better
but don't) who have many, many smurf-amplifier netblocks. Heck, the US
Military has half of the entries at (and they're supposedly
the ones worried about "cyber-terrorism").

I've come to the unfortunate conclusion that very few people seem to care
about system and network security until they are directly affected because of
something they neglected. If it were otherwise, you wouldn't see "well-known"
sites such as Yahoo, the NY Times, &etc. getting hacked
week after week.

Much as I hate to say it, this seems to be one area where industry
self-regulation has utterly failed. I don't know what would be a better
solution; I hate to suggest government regulation. But I'm at a loss here.


 Dalvenjah FoxFire (aka Sven Nielsen)    May the schwartz be with you!
 Founder, the DALnet IRC Network
 e-mail: dalvenjah at            WWW:
 whois: SN90                          Try DALnet!

More information about the NANOG mailing list