In message <199607092210.MAA09327@ns.oceanic.com>, Doug Stanfield writes:
These garbage packets are flooding through somebodies network to get to the target. I'd think it would benefit the intervening operators to eliminate traffic tthat is harmful, probably illegal, and wasting the resource they sell, bandwidth. Doug Stanfield "The significant problems we face cannot be solved Oceanic Cable at the same level of thinking we were at when we Project Engineer created them." - Albert Einstein dougs@oceanic.com (808) 625-8455 fax (808) 625-5888
If the traffic passes through ANS, call the NOC or send e-mail to trouble@ans.net. We can generally tell you where the traffic came into ANS, even after the fact. You then go to the next NOC down the line. Repeat until completed. No it isn't automated and brief attacks would be tough but that the state of things and it has been sufficient. You typically need to go through one or two providers and then a site or campus and maybe department before getting to the source machine. I've only been rarely and mostly peripherally involved in followup but I do remember a number of other providers being extremely cooperative to the point of physically moving workstations to act as sniffers, though they did need to set up monitoring to trace things further. I seem to remember a number of cases that were traced as being recurring cases of badly broken software rather than attacks, like boxes that didn't like multicast and crashed and spewed garbage. This latest incident could be the same. Curtis