[22547] in North American Network Operators' Group
Re: Huge smurf attack
daemon@ATHENA.MIT.EDU (Dalvenjah FoxFire)
Mon Jan 11 13:37:52 1999
Date: Mon, 11 Jan 1999 10:13:51 -0800
From: Dalvenjah FoxFire <dalvenjah@DAL.NET>
To: Jeremiah Kristal <jeremiah@fs.IConNet.NET>
Cc: Phil Howard <phil@whistler.intur.net>, bross@mindspring.net,
nanog@merit.edu
In-Reply-To: <Pine.GSO.3.92.990111114707.28827e-100000@fs.IConNet.NET>; from Jeremiah Kristal on Mon, Jan 11, 1999 at 12:14:04PM -0500
On Mon, Jan 11, 1999 at 12:14:04PM -0500, Jeremiah Kristal put this into my mailbox:
> On Mon, 11 Jan 1999, Phil Howard wrote:
>
> <<snip discussion about how clueful operators filter RFC1918 addresses>>
>
> Granted it's not that large an amplifier, but it seems odd that
> even an RFC1918 network would be used as an amplifier for this long
> without someone finding and securing it.
If that were true, we wouldn't have smurf attacks at all. There are
still many, many clueless or otherwise incompetent ISPs and/or companies
out there (many of whom are large ISPs and/or telcos who should know better
but don't) who have many, many smurf-amplifier netblocks. Heck, the US
Military has half of the entries at netscan.org (and they're supposedly
the ones worried about "cyber-terrorism").
I've come to the unfortunate conclusion that very few people seem to care
about system and network security until they are directly affected because of
something they neglected. If it were otherwise, you wouldn't see "well-known"
sites such as Yahoo, the NY Times, starwars.com &etc. getting hacked
week after week.
Much as I hate to say it, this seems to be one area where industry
self-regulation has utterly failed. I don't know what would be a better
solution; I hate to suggest government regulation. But I'm at a loss here.
-dalvenjah
--
Dalvenjah FoxFire (aka Sven Nielsen) May the schwartz be with you!
Founder, the DALnet IRC Network
e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/
whois: SN90 Try DALnet! http://www.dal.net/
