On Tue, Jun 16, 1998 at 03:21:11PM -0400, Jay R. Ashworth wrote:
> On Tue, Jun 16, 1998 at 02:10:29PM -0500, Karl Denninger wrote:
>
> Didn't say there wasn't a problem. Just don't let's go _there_, ok?

No, we need to go there.

> > "Voluntary" cooperation isn't working, because the major NOCs don't cooperate. Like ever. I've given up reporting these and just block the amplifiers, because it is POINTLESS to spend 30 minutes on hold to get a NOC person on the phone who either refuses assistance or refuses to escalate the matter to someone who knows what to do.
> >
> > Since they don't cooperate, the only two defenses are:
> >
> > 1. Black-hole detected amplifier networks (what we're doing here).
>
> Indeed. And what I think is the best approach. Kick 'em in the nads^Wnets.

Not really. The best approach is to nail a few of these folks with felony indictments for the denial of service attacks, and the theft of the amplifier network's services. That would stop this practice cold.

> > 2. Government intervention to slap penalties on those who don't cooperate with such reports, and vendors who don't make it possible for NOCs to cooperate *reasonably*.
>
> Governments have a demonstrated habit of not building such constraints so as to incent (I hate that word, but can't think of an acceptable synonym just now) the _right_ changes in behavior patterns -- this is the same discussion as was just had about Usenet cancel messages a couple hours ago.

> > I'd really like it if this didn't have to happen. Seriously. But as long as network operators decide to play stupid when they are hit with these requests, and/or just tell you to bite it (and I've heard both) then the two above steps are both reasonable and necessary.
>
> I think that the approach here is to find the executive level people to whom those people report, and explain to _them_ that if they don't get their houses in order, the government is likely to do it for them.
That's not my (or your) job. If they're not on notice by now, they deserve what they get. Frankly, I hope that the government does their job for them due to the simple fact that I'm getting tired of taking defensive postures on this thing. It's time for network operators to get aggressive.

We already filter on our dial connections (including ISDN) to prevent out-of-range addresses from being spoofed. THIS IS SIMPLE TO DO ON ALL MODERN HARDWARE. Yet we're one of the VERY few ISPs who bother with this. We're looking into implementing filtering on ALL ingress paths, including dedicated line, as soon as we can come up with a tool to manage it automatically. The dial side is trivial and as such I can't understand how ANYONE can have an excuse for not doing that - at this point.

--
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost
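The two defenses the message describes, dropping packets that arrive on a dial or ISDN interface with a source address outside the range assigned to that interface, and black-holing networks that have been observed acting as amplifiers, as a small worked example. This is added illustration code and is not from the thread, from MCSNet, or from any router vendor; the interface names, prefixes, packet records, the /24 grouping and the eight-host threshold are all constructed for the example.

```python
"""Added illustration (not from the thread): ingress anti-spoofing plus
amplifier black-holing as a small, testable policy engine.

Assumptions (all constructed for this example):
  - each ingress interface has a known set of customer prefixes
  - observed ICMP echo replies are available as (src, dst) pairs
  - an "amplifier network" is flagged when many distinct hosts in one /24
    answer toward a single destination (one request in, many replies out)
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network


class IngressFilter:
    """Per-interface source-address filter: accept a packet only if its
    source lies inside a prefix assigned to the interface it arrived on."""

    def __init__(self):
        self._allowed = defaultdict(list)

    def assign(self, iface, prefix):
        self._allowed[iface].append(ip_network(prefix))

    def accept(self, iface, src):
        addr = ip_address(src)
        return any(addr in net for net in self._allowed[iface])

    def filter(self, packets):
        """Return the (iface, src, dst) packets that survive the filter."""
        return [p for p in packets if self.accept(p[0], p[1])]


def find_amplifier_networks(echo_replies, min_hosts=8):
    """Flag each /24 from which at least `min_hosts` distinct hosts sent
    echo replies toward the same destination: the amplification pattern
    the thread is complaining about.  Returns sorted IPv4Network objects."""
    hosts = defaultdict(set)  # (network, destination) -> replying hosts
    for src, dst in echo_replies:
        net = ip_network(f"{src}/24", strict=False)
        hosts[(net, dst)].add(src)
    flagged = {net for (net, _), h in hosts.items() if len(h) >= min_hosts}
    return sorted(flagged)


class BlackholeList:
    """Networks we refuse to exchange traffic with (null-routed)."""

    def __init__(self):
        self._nets = []

    def add(self, net):
        self._nets.append(ip_network(str(net)))

    def is_blackholed(self, addr):
        a = ip_address(addr)
        return any(a in n for n in self._nets)


# --- constructed sample data (documentation prefixes, not real networks) ---
FILTER = IngressFilter()
FILTER.assign("dial0", "192.0.2.0/25")     # made-up dial pool
FILTER.assign("isdn0", "192.0.2.128/25")   # made-up ISDN pool

# (interface, source, destination): two legitimate, two with a bad source
SAMPLE_PACKETS = [
    ("dial0", "192.0.2.17", "198.51.100.9"),
    ("isdn0", "192.0.2.200", "198.51.100.9"),
    ("dial0", "203.0.113.77", "198.51.100.9"),  # source not in dial0's pool
    ("isdn0", "192.0.2.17", "198.51.100.9"),    # our address, wrong interface
]

# Ten hosts of 203.0.113.0/24 all answering one destination, plus two
# ordinary replies from 192.0.2.0/24 that must not trip the detector.
SAMPLE_REPLIES = [(f"203.0.113.{i}", "198.51.100.9") for i in range(1, 11)]
SAMPLE_REPLIES += [("192.0.2.1", "198.51.100.9"), ("192.0.2.2", "198.51.100.10")]


def demo():
    """Run the filter and the detector over the sample data."""
    passed = FILTER.filter(SAMPLE_PACKETS)
    amplifiers = find_amplifier_networks(SAMPLE_REPLIES)
    blackhole = BlackholeList()
    for net in amplifiers:
        blackhole.add(net)
    return passed, [str(n) for n in amplifiers], blackhole.is_blackholed("203.0.113.5")


if __name__ == "__main__":
    accepted, amplifiers, blocked = demo()
    print("accepted:", accepted)
    print("amplifier networks:", amplifiers)
    print("203.0.113.5 blackholed:", blocked)
```

The ingress check is the part the message calls trivial on the dial side: the router already knows which pool an interface hands out, so any other source address on that interface cannot be legitimate. The detector side is what turns "reported and ignored" into "detected and null-routed", which is the first of the two defenses listed above.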