[21940] in North American Network Operators' Group
Re: About last smurf floods - additional info
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Nov 25 09:25:59 1998
Date: Wed, 25 Nov 1998 09:01:16 -0500
To: "Alex P. Rudnev" <alex@Relcom.EU.net>
From: Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.SUN.3.91.981125161843.10807n-100000@virgin.relcom.eu.
net>
At 04:25 PM 11/25/98 +0300, Alex P. Rudnev wrote:
>You are not right, everything should be done - clearing trojans from your
>servers, filtering frauded SRC addresses (most important issue),
>decreasing SMURF amplifyers, lawsuits agains the hackers. It's amazing,
>but we have not ANY official complain from foreign countries (foreign
>companies) through I have asked such complain any time I'v write about
>the broken system/network.
As aside, ingress filtering (a la RFC2267) or unicast RPF checks work
quite well in filtering out traffic originating from bogons.
Both of these are relatively simple to invoke.
The key issue here is that (it appears that) some networks are not
taking "socially responsible" actions beacuse of either (a) laziness,
(b) ignorance, or (c) both.
- paul
