Would you and other operators be willing to modify peering agreements to include serious fines for running a smurf amplifier or allowing packets with bogus source addresses to enter the system?
See my previous rant about providers barely honoring existing agreements. I don't see the point in adding things that are going to be ignored.
Tracking back bogus source addresses seems hard. Would fines on smurf amplifiers be good enough to fix the smurf problem? Or do we need to catch a smurfer to use as an example?
In reality this isn't a problem unique to the Internet industry. Every type of carrier (trucking, railroad, telephone, financial, etc.) has the same problem of tracking things. And in every case it is, and I suspect always will be, a difficult problem any time the package is transferred between multiple carriers. It barely works when everything works correctly. Tracing false information is done only when the loss is greater than the cost of trying to track it down. Even the financial industry has found it in their interest to ignore a great number of things below a certain threshold. Identity fraud is a good example. It may cost the individual a great deal of time and effort to track down someone fraudulently using their identity, but for most financial institutions it is an immaterial amount.
Currently, NOCs don't have much financial interest in tracking down a smurfer.
Yes and no. The NOCs have a great deal of potential liability, but in most cases take the gamble nothing will happen if they ignore it. Think of it as a reverse lottery. There is a one-in-a-trillion chance you might have a billion dollar liability, but think of all the one dollar trouble tickets you saved by doing nothing.
One possibility might be to offer a reward to the NOC that gets the evidence on the first smurfer to get tossed in jail or fined more than $100K.
Who is going to put up the money? Even for CALEA the government is putting up a rather trivial amount of money, relying instead on the big stick of huge fines for non-compliance.
Another might be to set up peering contracts that encourage ISPs/NSPs to track down smurfers.
See above.
I can't quite come up with the right thing to suggest. Everything I think of has too many possibilities for gaming.
In other industries the solution has been to require a police report. Not because the police will do anything, but because filing a false police report is a felony just about everywhere. Filing a false trouble ticket isn't. The problem is most police won't make a report unless it is clear a crime has been committed. Breach of contract is not a crime, but fraud is.
Do smurf attacks always happen late at night and on weekends?
Smurfs tend to be highly correlated with activity on IRC. Peak IRC activity happens at night and on weekends. However, it should be pointed out this is just a correlation, not a cause and effect. I suspect, but have no proof, that smurf patterns tend to follow your typical criminal patterns, and happen during peak ISP hours, 6pm to 11pm. Unlike more typical cracking activities, I don't see the same out-of-phase pattern of smurfs.
Would major NSPs be willing to set up a smurf hotline so trusted smart people, like Karl, could bypass the first several layers of screening and get the data to the right person fast?
What an excellent idea!
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation