Re: About last smurf floods - additional info

[Paul Ferguson <ferguson () cisco com>]

At 04:25 PM 11/25/98 +0300, Alex P. Rudnev wrote:

> You are not right, everything should be done - clearing trojans from your 
> servers, filtering frauded SRC addresses (most important issue), 
> decreasing SMURF amplifyers, lawsuits agains the hackers. It's amazing, 
> but we have not ANY official complain from foreign countries (foreign 
> companies) through I have asked such complain any time I'v write about 
> the broken system/network.

As aside, ingress filtering (a la RFC2267) or unicast RPF checks work
quite well in filtering out traffic originating from bogons.

Both of these are relatively simple to invoke.

The key issue here is that (it appears that) some networks are not
taking "socially responsible" actions beacuse of either (a) laziness,
(b) ignorance, or (c) both.

- paul