nanog mailing list archives

Re: Smurf Prevention

From: "Richard Thomas" <buglord () ex-pressnet com>
Date: Tue, 14 Jul 1998 04:24:52 -0400

-----Original Message-----
From: Joe Shaw <jshaw () insync net>
To: Richard Thomas <buglord () ex-pressnet com>
Cc: nanog () merit edu <nanog () merit edu>
Date: Monday, July 13, 1998 10:44 AM
Subject: Re: Smurf Prevention

On Mon, 13 Jul 1998, Richard Thomas wrote:

HOW HARD CAN IT BE to take care of 500 broadcasts? Very hard, since the

only

bcasts still left are those with broken contact information and upstreams
who haven't been informed or who don't give a damn. Maybe if we all

picked

10 of the worst offenders every day, picked up the phone, and started
informing people who have missed the boat...


I'm still quite fond of blackholing entities which are completely
irresponsible, though for the larger carriers this wouldn't be much of a
threat.  But after having tried to track down smurfers, I'm wondering if
anyone has ever actually done it.  I would think you would have to either
get in touch with a smurf amplifier or their upstream to track the DoS,
but how successful has anyone been in doing so?  I would think that
since smurfs have been popular amongst the script kiddies for so long
that all the entities that are easy to get in touch with have already
heard from victims and hopefully fixed the situation.  Also, I wonder if
there is any way to hold the amplifiers legally responsible for smurfs
that use their networks after being given repeated notice?


I certainly know people who have had it traced back (when a bcast being used
is on a major backbone, or after 2-3 days of being attacked), but I have not
actually heard of anyone being "caught". In all cases the smurfer was on a
university network, several times in euro, a few in the US, and no attempts
were made to find the kid involved. Besides we all know the only thing they
would find is someone's wingate. As for holding amplifiers responsible,
everyone talks about it, nobody does it, and if they are liable for being a
broadcast you're not gonna get much of a judgement, since you can't prove
malicious intent.

Current thread:

Smurf Prevention Richard Thomas (Jul 12)
- Re: Smurf Prevention Dalvenjah FoxFire (Jul 12)
- <Possible follow-ups>
- Re: Smurf Prevention Richard Thomas (Jul 12)
  - Re: Smurf Prevention Michael Dillon (Jul 12)
  - Re: Smurf Prevention Joe Shaw (Jul 13)
- Re: Smurf Prevention Richard Thomas (Jul 13)
  - Re: Smurf Prevention Oystein Homelien (Jul 14)