Solution: Re: Huge smurf attack
Alex P. Rudnev
alex at Relcom.EU.net
Sat Jan 16 18:14:14 UTC 1999
For the victim, there is no difference between:
- smurf amplifiers abused by the hacker;
- broken box abused by the hacker to create flood attack;
- broken dialup provider abused to send spam.
Don't talk about the smurf, talk about badly-secured systems. Open
direct-broadcast is one example; open SMTP relay is another one;
non-fixed exploit abused to get root access is the third example.
This common case is - _someone does not secure his box/lan from abuse;
what should we do_.
The fourth case is (not yet) - ISP does allow to send frauded SRC
On Sat, 16 Jan 1999, Steven J. Sobol wrote:
> Date: Sat, 16 Jan 1999 12:35:12 -0500
> From: Steven J. Sobol <sjsobol at nacs.net>
> To: Harold Willison <harold at agis.net>
> Cc: Joe Shaw <jshaw at insync.net>, nanog at merit.edu
> Subject: Re: Solution: Re: Huge smurf attack
> On Thu, Jan 14, 1999 at 12:46:44PM -0500, Harold Willison wrote:
> > Tracking down a smurf amplifier is not a problem. Getting the folks to fix it
> > is a little harder than it should be now, as most of the folks left with open
> > amplifiers have been notified and have to this point refused to fix or
> > are unable to fix it.
> Oh, good... then if they refuse to fix their problem, and it can be documented
> that they refuse to fix their problem, and someone uses them as an amplifier,
> they can get sued. I hope we have some documentation that these people refuse
> to do anything.
> Steve Sobol [sjsobol at nacs.net]
> Part-time Support Droid [support at nacs.net]
> NACS Spaminator [abuse at nacs.net]
> Proud resident of Cleveland Heights, Ohio, the coolest place on earth.
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)