Solution: Re: Huge smurf attack

Daniel Senie dts at
Thu Jan 14 15:50:23 UTC 1999

Peter Swedock wrote:

[much discussion snipped for brevity]

> But if you want "unrestricted internet access" you'll get pages like "The
> Nuremburg Files" and you'll get people who object to that...
> I don't know what the solution is... but I do think we'll all be better off
> opening our eyes to the situation, rather than simply blaming the
> 'skriptkiddiez'.

"Unrestricted Internet Access" will indeed mean different things to
different people. For some, it'll mean access to the web without
transparent proxies. For others, it means access to properly secured
SMTP servers anywhere without someone either filtering or transparently
redirecting their packets. I tend to think of it as "don't limit my
ability to do 'normal' things."

Since I do network consulting, I may well log onto Mindspring or AT&T
Worldnet or some other ISP to run traceroutes or pings back against a
network I'm working on, to be sure it looks OK from outside. I may be
testing to see that routing policy or filters at a corporate site are
functioning correctly. So, I ask ISPs what their policies are. Granted
I'm not a typical customer.

The real lesson to be learned here, though, as others have stated, is
the 'net is getting an exposure to terrorism. Now, we can run around and
say "illegal, illegal" and try to get law enforcement to do something,
but law enforcement may well say "why don't you improve your security?"
If waging a campaign to get smurf amplifiers eradicated helps, then DO
IT. At the same time, add the ability to detect attempted smurfings, and
report them.

Take it as a gift that the you were woken up to the problems by "kids"
(if that's what it was), rather than by hardcore terrorists. It may well
be time for the backbone providers and larger ISPs to develop
anti-terrorism plans. The Internet has passed the point of being a
useful tool in society and is becoming a critical element in everyday
life. Perhaps this should be a new topic at NANOG.


Daniel Senie                                        dts at
Amaranth Networks Inc.  

More information about the NANOG mailing list