On Mon, 11 Jan 1999, Dalvenjah FoxFire wrote:
If that were true, we wouldn't have smurf attacks at all. There are still many, many clueless or otherwise incompetent ISPs and/or companies out there (many of whom are large ISPs and/or telcos who should know better but don't) who have many, many smurf-amplifier netblocks. Heck, the US Military has half of the entries at netscan.org (and they're supposedly the ones worried about "cyber-terrorism").
Perhaps its time to publicize these smurf amplifiers. Maybe CNET or someone would like to run a front page article explaining how US tax dollars are being used to enable denial of service attacks on private corporations on the internet. Its time to enforce ip spoofing rules. Any network found sourcing packets that dont belong to them should be disconnected until they install proper filters. Anyone found leaking rfc1918 addresses should be disconnected too until they fix their filters. Or perhaps someone would like to take a proactive approach at scanning for smurfable networks and closing them before the script kiddies find them? Maybe nanog members could pitch in fees to hire someone full time to scan for smurf networks and shut them down. -Dan