On Tue, 26 Sep 2000, John Payne wrote:
I'm not saying that having a list is a bad idea. But it should be a list of amps that have been found using logs from attacks, not by going out and scanning for them
The problem with reasonable sized smurfs is that you can't just casually log them and trace back. If I want to go after open mail relays I can just look at the headers of spam I personally get and trace these back to the providers. Logging 10-100 Mb/s smurfs (which we see several per day) on the other hand is not something you can just do and trace back. That level of traffic tends to melt whatever you try to log it with unless you throw a bit of time and hardware into preparing to log it. Of course when it's 50 machines scattered across the Internet all spoofing random source addresses then don't even bother. -- Simon Lyall. | Newsmaster | Work: simon.lyall@ihug.co.nz Senior Network/System Admin | | Home: simon@darkmere.gen.nz ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz