[16100] in North American Network Operators' Group
Re: SMURF amplifier block list
daemon@ATHENA.MIT.EDU (Paul A Vixie)
Sun Apr 12 02:19:29 1998
To: nanog@merit.edu
cc: rbl@maps.vix.com
In-reply-to: Your message of "Sun, 12 Apr 1998 00:54:27 EDT."
<Pine.LNX.3.95.980412004957.1098O-100000@tarkin.fdt.net>
Date: Sat, 11 Apr 1998 23:16:00 -0700
From: Paul A Vixie <paul@vix.com>
> Would the vix people have any interest in just adding "being a smurf amp"
> to the possible causes for entry in the BGP version of RBL? That way, it
> would be harder for the smurf d00dz to get up to date lists.
Sadly, no. The existing RBL has a great deal of strength (measured by the
number of people who subscribe to it) but that strength comes primarily due
to the limited focus of the weapon. We're about mail abuse. Mail abuse is
something that everybody can understand and everybody agrees is a bad thing.
SMURF amplification is something that not everybody can understand and so
not everybody agrees that it's a bad thing.
I would ordinarily be willing to set up a second RBL-like feed, which due to
the nature of the attacks (SMURF vs SPAM) would only be available via BGP
(denying only mail transport from or to a SMURF amplifier network seems like
a round hole / square peg kind of thing), but I simply do not have the time
or money or people to do it. MAPS is an unfunded activity (with the notable
exception of donations from a few of you on NANOG) and I think we ought to
try to do a better job stopping SPAM before we try to use some of the same
overworked volunteers to take on something like SMURF amplifiers.
> I suggested this sort of thing a while ago, but don't currently have time
> to implement it. The vix people already have everything in place.
Perhaps we should just start a company called "@net.police"? :-) x 1000.
