Huge smurf attack

Dan Hollis goemon at sasami.anime.net
Mon Jan 11 19:10:15 UTC 1999


On Mon, 11 Jan 1999, Dalvenjah FoxFire wrote:
> If that were true, we wouldn't have smurf attacks at all. There are
> still many, many clueless or otherwise incompetent ISPs and/or companies
> out there (many of whom are large ISPs and/or telcos who should know better
> but don't) who have many, many smurf-amplifier netblocks. Heck, the US
> Military has half of the entries at netscan.org (and they're supposedly
> the ones worried about "cyber-terrorism").

Perhaps its time to publicize these smurf amplifiers. Maybe CNET or
someone would like to run a front page article explaining how US tax
dollars are being used to enable denial of service attacks on private
corporations on the internet.

Its time to enforce ip spoofing rules. Any network found sourcing packets
that dont belong to them should be disconnected until they install proper
filters. Anyone found leaking rfc1918 addresses should be disconnected too
until they fix their filters.

Or perhaps someone would like to take a proactive approach at scanning for
smurfable networks and closing them before the script kiddies find them?
Maybe nanog members could pitch in fees to hire someone full time to scan
for smurf networks and shut them down.

-Dan




More information about the NANOG mailing list