Jon Lewis put this into my mailbox:
FDT used to have major problems with smurf attacks...I was getting to be on a first name basis with most of UUNET's NOC graveyard shift. They'd usually put in a temporary filter to stop the attack, though sometimes it took longer than others. What finally stopped the attacks was looking at who/what was being attacked. At least in our case, systems weren't being smurfed just for the heck of it. Generally, there was something going on that was (justifiably or not) pissing someone somewhere off. Make sure your users and systems are behaving, and the smurfing is likely to stop.
I agree with this, to an extent. However, not all cases are like this.

We've been dealing with a particular smurfer for a little over a month and a half now. Basically, this person will sit and spam people. If we try to block or disconnect him, he automatically smurfs one of our servers from one of his hacked accounts, of which he has quite a few. We've managed to trace him back to a few Aussie ISPs, and have gotten responses out of some of the people in charge of the machines he's hacked, but at this point I'm getting mighty sick of people ignoring our e-mails and phone calls (one Aussie *dialup* ISP comes to mind), and I'm trying to figure out how best to sum up the situation to the FBI computer crimes division. (I'm planning to go to them with a list of things we can charge this person with, including theft of service, extortion, and blackmail..)

The moral is, though, some of your users could just be going about their business normally, and someone who doesn't take 'no' for an answer is using smurfing to get what they want.

(This is also why I currently have the attitude that if your network isn't protected against smurf-broadcasting, or it isn't filtering spoofing, or your machines aren't adequately monitored to ensure that accounts don't get hacked, then you don't deserve to be connected to the internet, and should pay the rest of us for the trouble of cleaning up your messes.)

-dalvenjah

--
Dalvenjah FoxFire (aka Sven Nielsen)
Founder, the DALnet IRC Network
I once heard the voice of God. It said "Vrrrrrmmmmmm." Unless it was just a lawn mower.
e-mail: dalvenjah@dal.net
WWW: http://www.dal.net/~dalvenjah/
whois: SN90
Try DALnet! http://www.dal.net/