On Tue, 20 Jan 1998, Eric Wieling wrote: ==>Is there any point in trying to report these attacks? Who would we ==>report them to? We don't know what the source is, after all the ==>address is spoofed. It seems kind of pointless to notify the victim ==>-- they already know they have been smurfed. Most providers are relatively helpful if they're attacks. They will generally work to help resolve it, or at least will place filters in place to help you out. It's quite unfortunate that I had to find a tier 1 not willing to help with the smurf situation at all lately. An ISP that I do consulting for was being attacked via their connection to this provider. When their provider was called, they said they couldn't trace anything unless the FBI was involved, and that they couldn't put a filter in place. So, basically this ISP's connection to the provider was disabled. After the owner of this ISP argued with this provider's NOC for 12 hours, this provider sent mail back, claiming it wasn't a smurf because they looked at the traffic on the circuit. If anyone should recognize a smurf, I think I would. I told this provider it *was* a smurf, and that if they weren't predisposed with trying to do absolutely nothing about it, they would have seen it. After I told them about my smurf paper, http://www.quadrunner.com/~chuegen/smurf.txt they were quick to tell me (against their supposed "policy") that they are indeed willing to filter for a customer, and that they will trace attacks if necessary. This is interesting, because I sat on a conference call with representatives from this provider along with others, the FBI, and CERT on how we can have better cooperation between providers and track these guys. This provider claimed their NOC was willing to deal with this. It was a very disappointing e-mail thread. As a plea to all you providers out there: the 'smurf' attack hurts the smaller providers. It hurts their business. Please vow to use tools like DoStracker and anything else you may be able to in order to trace this down. Get your NOC operations folks involved--pass out the smurf paper to educate customers and tell them what you can and can not do. /cah