On Wed, Jun 17, 1998 at 06:33:14AM -0400, Richard Thomas wrote:
-----Original Message----- From: Karl Denninger <karl@mcs.net> To: Jay R. Ashworth <jra@scfn.thpl.lib.fl.us> Cc: nanog@merit.edu <nanog@merit.edu> Date: Tuesday, June 16, 1998 3:54 PM Subject: Re: Government scrutiny is headed our way
Since they don't cooperate, the only two defenses are:
1. Black-hole detected amplifier networks (what we're doing here).
Indeed. And what I think is the best approach. Kick 'em in the nads^Wnets.
Not really. The best approach is to nail a few of these folks with felony indictments for the denial of service attacks, and the theft of the amplifier network's services. That would stop this practice cold.
Unfortunantly I highly doubt this will have much impact. Firstly, all of the "smurf kiddies" are using hacked shells, so when you trace it back to them they don't care, they just move to the next machine. Secondly, the most annoying and persistant smurfers (read "conflict") are too stupid to know better even if you start bumping off smurfers left and right. You're likely to scare the casual immoral network admin who smurfs his isp's competition or such, but thats about it.
My strategy is to hit the smurfers where it hurts, the broadcasts. I email the broadcast network, and their uplink, and their uplink, until something gets done. If you can exaust their broadcasts quickly enough it becomes too "expensive" for them to continue.
Well, we do it one better - we black-hole the network. I just added another ~60 prefixes to the list after another persistent smurf attack. I've given up trying to trace them myself (although we do report it) because the big networks, where this originates, are unwilling to help in a timely fashion. If people bitch about the connectivity loss, well tough shit. Better to have a working network that can get to 99.5% of the Internet than a completely trashed one with full visibility. I'm going to have to talk to our lawyers about whether or not we could *sue* the amplifier networks. Most of them are truly large organizations (ie: universities, big corporations, big national providers, etc) and could easily pay such a judgement. Heh, now there's an idea :-) -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost