Re: Government scrutiny is headed our way

[Karl Denninger <karl () mcs net>]

On Wed, Jun 17, 1998 at 06:33:14AM -0400, Richard Thomas wrote:
> -----Original Message-----
> From: Karl Denninger <karl () mcs net>
> To: Jay R. Ashworth <jra () scfn thpl lib fl us>
> Cc: nanog () merit edu <nanog () merit edu>
> Date: Tuesday, June 16, 1998 3:54 PM
> Subject: Re: Government scrutiny is headed our way
>
>
> > > > Since they don't cooperate, the only two defenses are:
>
> > > > 1. Black-hole detected amplifier networks (what we're doing here).
> > >
> > > Indeed.  And what I think is the best approach.  Kick 'em in the
> > > nads^Wnets.
> >
> > Not really.  The best approach is to nail a few of these folks with felony
> > indictments for the denial of service attacks, and the theft of the
> > amplifier network's services.  That would stop this practice cold.
>
>
> Unfortunantly I highly doubt this will have much impact. Firstly, all of the
> "smurf kiddies" are using hacked shells, so when you trace it back to them
> they don't care, they just move to the next machine. Secondly, the most
> annoying
> and persistant smurfers (read "conflict") are too stupid to know better even
> if you
> start bumping off smurfers left and right. You're likely to scare the casual
> immoral
> network admin who smurfs his isp's competition or such, but thats about it.
>
> My strategy is to hit the smurfers where it hurts, the broadcasts. I email
> the broadcast
> network, and their uplink, and their uplink, until something gets done. If
> you can exaust
> their broadcasts quickly enough it becomes too "expensive" for them to
> continue.

Well, we do it one better - we black-hole the network.

I just added another ~60 prefixes to the list after another persistent smurf
attack.  I've given up trying to trace them myself (although we do report
it) because the big networks, where this originates, are unwilling to help
in a timely fashion.

If people bitch about the connectivity  loss, well tough shit.  Better 
to have a working network that can get to 99.5% of the Internet than a
completely trashed one with full visibility.

I'm going to have to talk to our lawyers about whether or not we could *sue*
the amplifier networks.  Most of them are truly large organizations (ie:
universities, big corporations, big national providers, etc) and could easily 
pay such a judgement.

Heh, now there's an idea :-)

--
-- 
Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost