Tracking down a smurf amplifier is not a problem. Getting the folks to fix it is a little harder than it should be now, as most of the folks left with open amplifiers have been notified and have to this point refused to fix or are unable to fix it.

The real solution is to catch the person starting the attack. Until the 'kiddies' start seeing people paying a price for this, they aren't going to stop. I could make sure every person on my network is configured so that no one within their network is able to spoof addresses and can't be used as an amplifier, but this will not protect me and my network from attacks aimed towards us. As long as there are networks that allow spoofed addresses, we will be vulnerable.

To even consider the fact that every network will eliminate the ability to forge addresses is unrealistic. We can't get folks to stop being amplifiers, how are we going to get them to apply the spoof filters?

The only solution that is realistic is to start catching and prosecuting the individuals doing this. This requires total cooperation between Tier 1 providers, and the ability on all brands of routers to trace this. This is not the case at this time, and I really don't see it heading that way anytime soon.

At 10:06 AM 1/14/99 -0600, you wrote:
My only question is do any of you who've been under attack report these
incidents to the FBI and the other appropriate agencies? I understand
that a lot of these places are Universities and Govt. agencies where
finding someone to fix the problem is like running through water, but I
can only wonder if having the FBI get involved in these things would help.
Two agents from the Houston office recently gave a presentation talking
about their new and expanding computer crimes divisions popping up around
the country. They kept harping on protecting the infrastructure of the
nation's public networks, and I think helping track down smurf amplifiers
would fall under this.
--
Joseph Shaw - jshaw@insync.net
NetAdmin/Security - Insync Internet Services
Free UNIX advocate - "I hack, therefore I am."
On Thu, 14 Jan 1999, Alex P. Rudnev wrote:
I am not sure about the last smurf incident, but don't overestimate the _dark
minds_ that caused this incident. I am 99.9% sure all (ALL) these incidents
complained about in NANOG were the same _kidscripts_.
This does not mean you should not prevent the possibility of
_cyberterrorism_, and let these _kid's plays_ help to pay attention to
the security holes we have over the Internet.
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
| Harold Willison               AGIS Network Engineering      |
* Senior Network Engineer       313-730-5151                  *
| noc@agis.net                  313-730-1130 x-5649           |
| harold@agis.net               24 hours a day, 7 days a week |
| http://www.agis.net                                         |
\*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*/