Hi, This e-mail comes to describe a common problem among a large number of ISPs, mostly foreign, when dealing with US network service providers. I don't want to talk about anyone I don't know of, so I will limit this initial e-mail to talking about UUnet. As most of you know, some ISPs run irc servers, and provide an IRC service to the community. The service is free, and maintenance and cost of networking/hardware/human hours is on the ISPs expense. Irc tends to be a volatile medium, like interpersonal relationships in real life. Thus, many times arguements turn into heated disputes, and sometimes, some people pick up arms, and attack. The attacks usually take out whole ISPs for hours, or days. The problem is that when trying to get help from the upstream provider (UUnet in this example), you either receive a negative answer, or you're just ignored completely. Thus, by terrorism, people get what they want, and hold you at a threat of force, without any ability to defend yourself. Smurfing, icmp attacks, udp attacks, tcp synflooding (spoofed sources) are just a number of these weapons. The problem with alot of networking entities, be it ISPs, enterprises, and such, is that they allow spoofed packets to leave their network (i.e. do not check if the packets originate from within their netblocks before letting them leave their routers). The question is, how can we defend ourselves, and why do the large NSPs turn a blind eye, and act as if it's not their concern ? Is there a chance that by helping one another, and by implementing Internet RFCs corrctly (rfc 1918 for example), we can contribute to the elimination of this kind of electronic terrorism ? Any chance a UUnet person might answer ? best regards, --Ariel -- Ariel Biener e-mail: ariel@post.tau.ac.il Work phone: 03-6406086 fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC