Solution: Re: Huge smurf attack

Brandon Ross bross at
Thu Jan 14 02:01:04 UTC 1999

On Wed, 13 Jan 1999, Phil Howard wrote:

> So my position is that until we do have a practical solution to solve the
> cause of the problem, we simply have to deal with the effects the best we
> can, and this does mean dealing with and addressing the symptoms so that
> we do not suffer the effects.

I have to admit, your logical extension of my argument is valid.  I
suppose if we really wanted to fix the true case of the problem we would
track down the parents of the abusers and punish them for not raising
their kids properly.  My choice of words was rather poor.

> The question is just what steps are the ones we should do.

Right.  The idea that I was attempting to get across is that the problem
should be treated as close to the source as possible, and to treat the
problem in the most user invisible manner possible.  I do not believe that
it is unreasonable to get networks that have not blocked amplifiers to do
so.  I also don't believe that it's unreasonable to get backbone providers
to block spoofed traffic.  Sure, it's definitely more difficult than just
throwing some filtering at the problem, but I think it's worth the extra
effort if it means that we still have access to a valuable tool like ping.
If we as an industry push our vendors hard enough to get these features
enabled by default in their equipment, then when a customer buys a new CPE
router, they're one less problem to worry about.

> I admire Mindspring's position of making Internet access unrestricted.
> But what is the real motivation?  Is it the goal of "perfect IP" or is
> the business case of decreasing tech support costs?  They are, afterall,
> in the business of providing consumer dialup access, and as we all know
> that line of business is very costly in areas of tech support.  Network
> attacks are also a real cost.  I would suggest that treating some of the
> symptoms, at least for now, will cut some costs until the day that we
> can achieve the utopian goal of the perfect solution to the cause.

The real motivation really is to provide unrestricted network access.
Sure we're out to make money, we are a business after all, but we also
have a set of ideals that we try to live up to as well.

Regardless, even from a strict monetary point of view, while the smurf
attacks against us are most certainly harmful, they don't cost us nearly
as much as the tech support calls blocking ICMP echo would generate.

Brandon Ross            Network Engineering     404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc.  info at
                                                            ICQ:  2269442

Stop Smurf attacks!  Configure your router interfaces to block directed
broadcasts. See for details.

More information about the NANOG mailing list