On Sun, 12 Apr 1998, Karl Denninger wrote: [...]
> The folks who can source significant smurfs today are NOT Joe's T1 and Grill. They are NATIONAL and INTERNATIONAL ISPs who damn well ought to know how to prevent this and why they should. The guy with a T1 can't hit us hard enough to even show up on our monitors. To make my blacklist you have to hit me with enough bandwidth that we *see* the problem, and that means you're at least mid-fractional-DS3 connected.
And that is a very important point here. While trying to fix every network that can be used for smurf attacks would be a very difficult or even futile attempt, every network that can be used for smurf attacks isn't the issue. Yes, it is still bad, but as Karl says, no matter what they do, smurf replies originating from a T1-connected network can't take down a moderate backbone without special effort (i.e., exploiting some hole other than just flooding the bandwidth).

Any sort of pressure that can be exerted to fix the well-connected networks that cause problems, including public flogging, is appropriate. Also note that the networks that can cause real problems should have staff capable of fixing the problem without any hassles, although "should" and "do" are very different.

The best part of all this is that the people who refuse to take action to stop their networks being used in this manner are wasting their own bandwidth and quite possibly a lot of money. Karl can be quite persistent in flogging dead (or nonexistent) horses, but I think it is a good thing he is flogging this one.