[18351] in North American Network Operators' Group
Re: Smurf Prevention
daemon@ATHENA.MIT.EDU (Dalvenjah FoxFire)
Sun Jul 12 18:44:20 1998
Date: Sun, 12 Jul 1998 15:31:28 -0700
From: Dalvenjah FoxFire <dalvenjah@dal.net>
To: Richard Thomas <buglord@ex-pressnet.com>
Cc: nanog@merit.edu
In-Reply-To: <003001bdae3b$0cba95a0$0201a8c0@winblows.sy.net>; from Richard Thomas on Mon, Jul 13, 1998 at 04:48:41AM -0400
On Mon, Jul 13, 1998 at 04:48:41AM -0400, Richard Thomas put this into my mailbox:
> Perhaps we might have some success preventing smurfs from the most common
> sources, hacked machines on university dorm networks, by getting the
> university backbones to filter spoofs. Things like SUnet, FUnet, NYSERnet,
> etc, account for a large portion of universities used to smurf from, and it
> might be easier then trying to get each school to filter individually. I
> found the following two addresses for nysernet and funet but was unable to
> read or translate the Swedish on www.sunet.se.
That's one solution. What might be a better solution would be if the Big Few
networks (MCI, Sprint, UUnet, etc.) were to take the list of smurf amplifiers
from something like the SAR, *verify* that they're still smurf amplifiers,
and then refuse to route traffic from those networks.
Not only would it cut the smurfs down cold, but it would also get the folks
responsible for those networks to fix things.
Then again, if the big-bandwidth folks cared about such things, perhaps they
would have done so already.
*dealing with the third 10M+ smurf this weekend, the 40th or so since May, and
getting rather tired of it..*
-dalvenjah
--
Dalvenjah FoxFire (aka Sven Nielsen) "Aristotle was not Belgian. The central
Founder, the DALnet IRC Network message of Buddhism is not 'every man
for himself.' And the London Underground
e-mail: dalvenjah@dal.net is not a political movement."
WWW: http://www.dal.net/~dalvenjah/ -- Wanda, "A Fish Called Wanda"
whois: SN90 Try DALnet! http://www.dal.net/