Btw. For the victim, there is not difference between - - smurf amplifies abused by the hacker; - broken box abused by the hacker to create flood attack; - broken dialup provider abused to send spam. Don't talk about the smurf, talk about badly-secured systems. Open direct-broadcast is one example; open SMTP relay is another one; non-fixed exploit abused to get root access is the third example. This common case is - _someone does not secure his box/lan from abuse; what should we do_. The forths case is (not yet) - ISP does allow to send frauded SRC addresses. On Sat, 16 Jan 1999, Steven J. Sobol wrote:
Date: Sat, 16 Jan 1999 12:35:12 -0500 From: Steven J. Sobol <sjsobol@nacs.net> To: Harold Willison <harold@agis.net> Cc: Joe Shaw <jshaw@insync.net>, nanog@merit.edu Subject: Re: Solution: Re: Huge smurf attack
On Thu, Jan 14, 1999 at 12:46:44PM -0500, Harold Willison wrote:
Tracking down a smurf amplifier is not a problem. Getting the folks to fix it is a little harder than it should be now, as most of the folks left with open amplifiers have been notified and have to this point refused to fix or are unable to fix it.
Oh, good... then if they refuse to fix their problem, and it can be documented that they refuse to fix their problem, and someone uses them as an amplifier, they can get sued. I hope we have some documentation that these people refuse to do anything.
-- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net]
Proud resident of Cleveland Heights, Ohio, the coolest place on earth. http://www.ClevelandHeights.com
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)