nanog mailing list archives
Re: Solution: Re: Huge smurf attack
From: Phil Howard <phil () whistler intur net>
Date: Thu, 14 Jan 1999 18:28:29 -0600 (CST)
Brandon Ross wrote:
We report these incidents to the FBI when there is at least a slim chance that the perpetrator might be caught. We get a lot of very short lived attacks (30 minutes or less) that just don't seem to be worth our time to report to the FBI, since there's usually no data that would give them a bit of a clue about who might have done it.
My recommendation is to take all the incidents that you are currently classifying as unlikely to be resolved, and prepare a report on each one with as much data as you can gather about them, and supply that report to the FBI anyway. This will help them understand just what is going on, and may even help them acquire additional budgets and funding to expand their resources to be more effective at investigating more of these incidents. This will allow them to keep better statistics on just what problems are being seen in the Internet, whether they be kids with scripts or terrorists. The line between these groups will be getting fuzzier, so we cannot disregard it at all. It might also be interesting if we can as a group collect and merge the data on these incidents. I know there are some agencies that already do this, and if someone has some detail on that, maybe that will be a good start. I know that I would be interested in comparing not only the list of addresses that smurf incidents are coming from, but also comparing the load balance of these addresses (e.g. do addresses that show up twice as much in one incident also do so in another?). If we can identify the addresses that regularly show up, perhaps that may motivate the FBI to insist on a "wiretap" at the location of the smurf amplifiers frequently seen. Then from there they may be able to begin backtracking attacks and find the real source(s). -- -- *-----------------------------* Phil Howard KA9WGN * -- -- | Inturnet, Inc. | Director of Internet Services | -- -- | Business Internet Solutions | eng at intur.net | -- -- *-----------------------------* phil at intur.net * --
Current thread:
- Re: Solution: Re: Huge smurf attack, (continued)
- Re: Solution: Re: Huge smurf attack Joe Shaw (Jan 14)
- Re: Solution: Re: Huge smurf attack David Lesher (Jan 14)
- Re: Solution: Re: Huge smurf attack David Lesher (Jan 14)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 14)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 14)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 14)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 15)
- Re: Solution: Re: Huge smurf attack Phil Howard (Jan 15)
- Re: Solution: Re: Huge smurf attack Joe Shaw (Jan 14)
- Re: Solution: Re: Huge smurf attack Ray Everett-Church (Jan 14)
- Re: Solution: Re: Huge smurf attack Phil Howard (Jan 14)
- Re: Solution: Re: Huge smurf attack Daniel Senie (Jan 14)
- Re: Solution: Re: Huge smurf attack Phil Howard (Jan 14)
- Re: Solution: Re: Huge smurf attack Robbie Honerkamp (Jan 14)
- Re: Solution: Re: Huge smurf attack Dan Hollis (Jan 12)
- Re: Solution: Re: Huge smurf attack Brandon Ross (Jan 12)
- Re: Solution: Re: Huge smurf attack Brett Frankenberger (Jan 13)
- Re: Solution: Re: Huge smurf attack Daniel Senie (Jan 13)