nanog mailing list archives

Re: Reporting Little Blue Men

From: Adrian Bool <aid () u-net net>
Date: Tue, 20 Jan 1998 19:09:01 +0000 (GMT)

On Tue 20 Jan, Eric Wieling wrote:

Just about every night someone(s) tries to use us as the "innocent
third party" in smurf attacks.  Of course, we block and log all the
broadcast packets.

Is there any point in trying to report these attacks?  Who would we
report them to?  We don't know what the source is, after all the
address is spoofed.  It seems kind of pointless to notify the victim
-- they already know they have been smurfed.

I want to do my part to try to stop attacks, but I'm baffled on this
one.


If you can tell which interface it enters your network (and from which router
if at an exchange) notify the next hop towards the source... then if they
follw the same procdure eventually the culprit may be found...

aid


-- 
Adrian J Bool                   | mailto:aid () u-net net
Network Operations              | http://www.noc.u-net.net/
U-NET Ltd, UK                   | tel://44.1925.484461/

Current thread:

Reporting Little Blue Men Eric Wieling (Jan 20)
- Re: Reporting Little Blue Men Adrian Bool (Jan 20)
- Re: Reporting Little Blue Men Dean Anderson (Jan 20)
  - Re: Reporting Little Blue Men Martin Hannigan (Jan 20)
  - Re: Reporting Little Blue Men M. David Leonard (Jan 21)
  - Re: Reporting Little Blue Men Jordyn A. Buchanan (Jan 21)
  - Re: Reporting Little Blue Men Dave Siegel (Jan 21)
    - Re: Reporting Little Blue Men Dean Anderson (Jan 21)
    - Message not available
    - Re: Reporting Little Blue Men Jay R. Ashworth (Jan 21)
    - Re: Reporting Little Blue Men ^Faust^ (Jan 21)
    - Message not available
    - Re: Reporting Little Blue Men Jay R. Ashworth (Jan 21)
    - Re: Reporting Little Blue Men NetSurfer (Jan 21)

(Thread continues...)