[68282] in North American Network Operators' Group
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
daemon@ATHENA.MIT.EDU (Avleen Vig)
Sun Mar 7 17:09:46 2004
Date: Sun, 7 Mar 2004 14:08:13 -0800
From: Avleen Vig <lists-nanog@silverwraith.com>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: "Stephen J. Wilcox" <steve@telecomplete.co.uk>,
Paul Vixie <paul@vix.com>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0403072046450.15373@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, Mar 07, 2004 at 08:48:00PM +0000, Christopher L. Morrow wrote:
> > > actually, it would. universal uRPF would stop some attacks, and it would
> > > remove a "plan B" option for some attack-flowcharts. i would *much* rather
> > > play defense without facing this latent weapon available to the offense.
> >
> > I'm agreeing here, okay (yet another) example.. smurf attacks. These seem to be
> > non-existent these days so shall we stop disabling 'ip directed-broadcast' on
> > our routers?
>
> smurf attacks are far from 'non-existent' today, however they are not as
> popular as in 1999-2000-2001. In fact netscan.org still shows almost 9k
> networks that are 'broken'.
A few of us tried (like netscan, only more aggressively on a weekly
basis) to find and try to get closed, smurf amplifiers in the RIPE
region.
We eventually gave up after closing ~20k, when the last few k refused to
do anything at all.
"My network is just a /30! Who cares, you're only getting TWO replies
back for ONE packet, it's not like the big amplifiers! I'm not going to
fix this!".
To anyone with this attitude: You are an idiot.
--
Avleen Vig
Systems Administrator
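
An added example, not part of the original message: a Python audit of an IOS-style router configuration that flags interfaces with `ip directed-broadcast` enabled and reports the upper bound on hosts that could answer one packet sent to the subnet broadcast address (two for a /30, as in the quoted objection). The sample configuration is constructed, the function name is hypothetical, and the code assumes a release where directed broadcast is off unless the line is present.

```python
import ipaddress
import re

# Constructed sample config; addresses come from documentation ranges.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
 ip directed-broadcast
!
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.128
 no ip directed-broadcast
!
"""

# Primary address only; "secondary" lines do not fullmatch and are skipped.
ADDR_RE = re.compile(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")

def audit_directed_broadcast(config_text):
    """Return one finding per interface that forwards directed broadcasts."""
    interfaces, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = {"interface": line.split(None, 1)[1],
                       "network": None, "enabled": False}
            interfaces.append(current)
        elif current is None or not raw.startswith(" "):
            current = None  # left the interface block ("!" or a global command)
        elif m := ADDR_RE.fullmatch(line):
            current["network"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif line.startswith("no ip directed-broadcast"):
            current["enabled"] = False
        elif line.startswith("ip directed-broadcast"):
            current["enabled"] = True  # also matches the form with an ACL number
    return [{"interface": i["interface"],
             "network": str(i["network"]),
             "broadcast": str(i["network"].broadcast_address),
             # Upper bound on hosts that may reply to one broadcast packet
             "max_replies": max(i["network"].num_addresses - 2, 0)}
            for i in interfaces if i["enabled"] and i["network"] is not None]

if __name__ == "__main__":
    for f in audit_directed_broadcast(SAMPLE_CONFIG):
        print(f"{f['interface']}: {f['network']} forwards broadcasts to "
              f"{f['broadcast']} (up to {f['max_replies']} replies per packet)")
```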