Re: ip directed-broadcast

[Ken Leland <kwl () shell monmouth com>]

Jon wrote: 
> about what I wrote:
> > 1.)   they will not continue to try to trace this. (they had made 
> >         some previous unsuccessful efforts)
>
> Strike 1.
>
> > 2.)   they will no longer filter icmp echo reply for me, even though
> >         they understand that my link is now useless without that.
> >     They do not have cpu cycles to spare for this purpose.
>
> or few line filters push the CPU over the edge....Strike 2.
>
> > 3.)   they do not see this type of attack very often and don't 
> >         consider it much of a problem.
>
> Sure...it causes them very little trouble.  Odds are good their NOC gets
> smurfed very rarely.  Strike 3.

Yep 3 strikes and you're out. Sad, I've gotten excellent service
from this provider until this recent policy snafu.

> NOC and let them know that you consider your T1 to Sprint unusable, and do
> not intend to pay the next bill...at least no in full.

calls into the account rep already placed on this issue.

> FDT used to have major problems with smurf attacks...I was getting to be
> on a first name basis with most of UUNET's NOC graveyard shift.  They'd
> usually put in a temporary filter to stop the attack, though sometimes it
> took longer than other's.  What finally stopped the attacks was looking at
> who/what was being attacked.  At least in our case, systems weren't being
> smurfed just for the heck of it.  Generally, there was something going on
> that was (justifiably or not) pissing someone somewhere off.  Make sure
> your users and systems are behaving, and the smurfing is likely to stop. 

Yep, I know right off hand of several possibilities. A possibly disgruntled
former employee who just lost a case against us in court the day before
the attack started, or a guy that posts rather obnoxious stuff to the
local nj newsgroups that a lot of people dislike, etc. With 7000 customers,
you will ocasionally find one that is not as polite as he(she) should be.
We do respond quickly to abuse/postmaster/sysadmin complaints so I don't 
believe we are sitting on pentup outrage over our customers abusing other 
networks/systems with no recourse.  Of course, this could be a snit
where the other side doesn't particularly want to tell their story to
management types.

Ken Leland