Re: Solution: Re: Huge smurf attack

["Alex P. Rudnev" <alex () Relcom EU net>]

Btw.

For the victim, there is not difference between -
- smurf amplifies abused by the hacker;
- broken box abused by the hacker to create flood attack;
- broken dialup provider abused to send spam.

Don't talk about the smurf, talk about badly-secured systems. Open 
direct-broadcast is one example; open SMTP relay is another one; 
non-fixed exploit abused to get root access is the third example.

This common case is - _someone does not secure his box/lan from abuse; 
what should we do_.

The forths case is (not yet) - ISP does allow to send frauded SRC 
addresses.


On Sat, 16 Jan 1999, Steven J. Sobol wrote:

> Date: Sat, 16 Jan 1999 12:35:12 -0500
> From: Steven J. Sobol <sjsobol () nacs net>
> To: Harold Willison <harold () agis net>
> Cc: Joe Shaw <jshaw () insync net>, nanog () merit edu
> Subject: Re: Solution: Re: Huge smurf attack
>
> On Thu, Jan 14, 1999 at 12:46:44PM -0500, Harold Willison wrote:
> >  
> > Tracking down a smurf amplifier is not a problem. Getting the folks to 
> > fix it 
> > is a little harder than it should be now, as most of the folks left 
> > with open  
> > amplifiers have been notified and have to this point refused to fix or 
> > are unable to fix it. 
>
> Oh, good... then if they refuse to fix their problem, and it can be documented
> that they refuse to fix their problem, and someone uses them as an amplifier,
> they can get sued. I hope we have some documentation that these people refuse
> to do anything.
>  
> -- 
> Steve Sobol [sjsobol () nacs net]
> Part-time Support Droid [support () nacs net]
> NACS Spaminator [abuse () nacs net]
>
> Proud resident of Cleveland Heights, Ohio, the coolest place on earth.
> http://www.ClevelandHeights.com

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)