Now that we have gotten down to the nitty gritty here. AGAIN the main mechanism for spoofing the smurf attacks is a program called wingate, ban that code and this problem will be cut more than in half. Next there is a rumor that 8000 users have been infected with a tweaked system.exe file that makes that user a smurf amplifier unwittingly. These are things to watch for. I wish there was an easier way to break bad news.
Henry
Joe Shaw wrote:
On Sat, 20 Jun 1998, Henry Linneweh wrote:
Well, DoS and smurf are only different in terms of the packet amounts and method to convey them, so in essence a smurf is another form of DoS on a larger scale. An existing law already covers that.
How do you come up with that? A DoS attack is anything that makes a resource on a host or network unusable. Let's remember that the whole point of the attack is to deny service, whether it be pop3 service with a syn flood or bandwidth with smurf, fraggle, or generic ping flood. A smurf attack is a DoS is a DoS is a DoS.
If a NOC refuses to obey the law and investigate on behalf of a paying client that DoS has occurred then they become party to a criminal act after the fact and are as guilty as the originator of the attack and can be held accountable and their staff can be arrested and you have the right to sue for $4000.00 as do each one of your individual customers.
I've never heard a NOC say they wouldn't track it down, although I'm sure it's happened in the past. Mostly I've heard that a NOC was incapable of tracking it down because of router overhead. Not to mention the packets are almost always going to be traced back to the known smurf amplifiers. If it was easy to find people responsible for the operations of those nets and get them on the horn we could have had the smurf problem fixed a long time ago. I would like to see if taking one of those people into court for being an unknowing party to the crime would be effective.
Sometimes you have to look at what you have and realize how to use it for the benefit of the whole.
Indeed, but how many people want to invest the time and money involved in prosecuting a smurf attack? Has anyone successfully done it yet?
As for smurfs crossing international borders where such attacks generally occur from, a group representation to the FCC needs to be formed and the FCC needs then to communicate with its counterpart on the foreign soil using existing treaties that would make that a violation of non-aggression pacts and interference in a foreign government and denial of its citizens to communicate pursuant to their constitution the right of free speech.
In a technical sense smurfs from foreign shores are an act of war on networks of the United States by the purposeful intent to disrupt, destroy and cripple its computer network infrastructure with a Smurfing mechanism.
Henry R. Linneweh
What needs to happen is things like IPSec, ISAKMP, and Oakley become prime time so authenticating packets becomes a trivial issue. However, the U.S. Crypto Nazis make it impossible for it to be developed in this country because if it is, then it cannot be exported to other countries unless in a weakened state. I don't claim to be a crypto person, but when you think about how the game is played, getting to the real root of the problem may not be an answer you like. I'm as patriotic as the next guy [you can read that however you like], but for crypto authentication solutions to work our government needs to get their hands out of it.
Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services