On Mon, Sep 25, 2000 at 12:49:15AM -0400, Patrick W. Gilmore wrote:
I actually think that filtering prefixes such that you cannot send traffic *to* smurf amplifier networks would help, and be far less expensive (CPU wise). It would be trivial to null-route amplifier prefixes, and if enough networks subscribed to the service, the amplifier sites would notice very, very quickly - in much the same way people on the BGP RBL notice.
My thoughts are that the "SAL" is operated in a similar way to the RBL, except that education comes *after* listing :-) ie.. once a smurf amp has been *abused* and reported to the network operator, it gets listed. Further reports of abuse of that amp (because listing it won't stop attacks) will result in widening the listing, until it really starts to hurt. -- John Payne http://www.sackheads.org/jpayne/ john@sackheads.org http://www.sackheads.org/uce/ Fax: +44 870 0547954 To send me mail, use the address in the From: header