Solution: Re: Huge smurf attack

• Previous message (by thread): Solution: Re: Huge smurf attack
• Next message (by thread): Solution: Re: Huge smurf attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 14 Jan 1999, Harold Willison wrote:

> that is realistic is to start catching and prosecuting the individuals
> doing this. This requires total cooperation between Tier 1 providers.. 
> and the ability on all brands of routers to trace this. This is not the
> case at this time, and I really don't see it heading that way anytime
> soon.

I don't necessarily agree.  Going forward we require new vendors to be
able to:

1. trace spoof address based attacks in a reasonable time
2. block spoofed attacks from coming from their customers
3. have a mechanism to repair or block amplifying addresses owned by their
customers

If the vendor won't commit to doing these things, we will not buy service
from them.  Ask my UUNet rep, she'll testify to this.  UUNet is losing a
potential $200,000 a month because they are not capable of tracing spoofed
attacks.  Instead I give my business to GTEI and Digex because both
companies have been very cooperative when asked to do these traces.

Anyway the point is that when money is involved, leverage is available.
These things can be fixed, it's just a matter of applying the right
pressure.

Brandon Ross            Network Engineering     404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc.  info at mindspring.com
                                                            ICQ:  2269442

Stop Smurf attacks!  Configure your router interfaces to block directed
broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.

• Previous message (by thread): Solution: Re: Huge smurf attack
• Next message (by thread): Solution: Re: Huge smurf attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]