Well DoS and smurf are only different in terms of the packet amounts and method to convey them, so in essence A smurf is another form of DoS on A larger scale. An existing law already covers that. If A NOC refuses to obey the law and investigate on behalf of a paying client that DoS has occurred than they become party to a criminal act after the fact and are as guilty as the originator of the attack and can be held accountable and their staff can arrested and you have the right to sue for $4000.00 as do each one of your individual customers. Sometimes you have to look at what you have and realize how to use it for the benefit of the whole. As for smurfs crossing international borders where such attacks generally occur from, A group representation to the FCC needs to be formed and the FCC needs then to communicate with its counterpart on the foreign soil using existing treaties that would make that a violation of non aggression pacts and interference in a foreign government and denial of its citizens to communicate pursuant to their constitution the right of free speech. In A technical sense smurfs from foreign shores are an act of war on networks of the United States by the purposeful intent to disrupt destroy and cripple its computer network infrastructure with A Smurfing mechanism. Henry R. Linneweh Hal Murray wrote:
This is why the government needs to get involved and *demand* that the ability exist via a *protocol* for people in a NOC to initiate and follow these traces automatically, without human intervention by the NOCs in the chain.
Would you and other operators be willing to modify peering agreements to include serious fines for running a smurf amplifier or allowing packets with bogus source addresses to enter the system?
Tracking back bogus source addresses seems hard. Would fines on smurf amplifiers be good enough to fix the smurf problem? Or do we need to catch a smurfer to use as an example?
Currently, NOCs don't have much financial interest in tracking down a smurfer.
Karl's stories of non-cooperation make sense if the NOC is looking at their (short term) bottom line rather than the good of the net. The person on the phone won't get any reward for solving Karl's problem (and might get in trouble for sticking his neck out).
Is there a way we can change that?
One possibility might be to offer a reward to the NOC that gets the evidence on the first smurfer to get tossed in jail or fined more than $100K.
Another might be to setup peering contracts that encourage ISPs/NSPs to track down smurfers.
I can't quite come up with the right thing to suggest. Everything I think of has too many possibilities for gaming.
I'm fishing for something like each ISP/NSP that works on tracking down a smurfer gets to charge the ISP/NSP closer to the source for the time and costs it spends on the problem, including the costs that get passed to it.
How much effort is involved in tracking a smurfer through each router?
Any router vendors willing to estimate how much it would cost to implement something like Karl's proposed command?
"trace-smurf <forged-victim-address> <amplifier-address>" <return>
Do smurf attacks always happen late at night and on weekends?
Would major NSPs be willing to setup a smurf hotline so trusted smart people, like Karl, could bypass the first several layers of screening and get the data to the right person fast?
-- ¢4i1å