nanog mailing list archives

Re: Solution: Re: Huge smurf attack


From: Harold Willison <harold () agis net>
Date: Thu, 14 Jan 1999 12:46:44 -0500


Tracking down a smurf amplifier is not a problem. Getting the folks to fix it
is a little harder than it should be now, as most of the folks left with open
amplifiers have been notified and have to this point refused to fix it or are unable to fix it.

The real solution is to catch the person starting the attack. Until the 'kiddies' start seeing
people paying a price for this, they aren't going to stop. I could make sure every person on
my network is configured so that no one within their network is able to spoof addresses and can't be used
as an amplifier, but this will not protect me and my network from attacks aimed towards us.
As long as there are networks that allow spoofed addresses, we will be vulnerable. To even consider the fact
that every network will eliminate the ability to forge addresses is unrealistic. We can't get folks to stop being amplifiers; how are we going to get them to apply the spoof filters? The only solution
that is realistic is to start catching and prosecuting the individuals doing this. This requires total
cooperation between Tier 1 providers, and the ability on all brands of routers to trace this.
This is not the case at this time, and I really don't see it heading that way anytime soon.


At 10:06 AM 1/14/99 -0600, you wrote:
>
>My only question is do any of you who've been under attack report these
>incidents to the FBI and the other appropriate agencies? I understand
>that a lot of these places are Universities and Govt. agencies where
>finding someone to fix the problem is like running through water, but I
>can only wonder if having the FBI get involved in these things would help.
>
>Two agents from the Houston office recently gave a presentation talking
>about their new and expanding computer crimes divisions popping up around
>the country. They kept harping on protecting the infrastructure of the
>nation's public networks, and I think helping track down smurf amplifiers
>would fall under this.
>
>--
>Joseph Shaw - jshaw () insync net
>NetAdmin/Security - Insync Internet Services
>Free UNIX advocate - "I hack, therefore I am."
>
>On Thu, 14 Jan 1999, Alex P. Rudnev wrote:
>
>> I am not sure about the last smurf incident, but don't overestimate the _dark
>> minds_ that caused this incident. I am 99.9% sure all (ALL) these incidents
>> complained about in NANOG were the same _kidscripts_.
>>
>> This does not mean you should not prevent the possibility of
>> _cyberterrorism_, and let these _kid's plays_ help to pay attention to
>> the security holes we have over the Internet.
>
>
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
| Harold Willison AGIS Network Engineering |
* Senior Network Engineer 313-730-5151 *
| noc () agis net 313-730-1130 x-5649 |
| harold () agis net 24 hours a day, 7 days a week |
| http://www.agis.net |
\*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*/
