North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ip directed-broadcast
Jon wrote: > about what I wrote: > > 1.) they will not continue to try to trace this. (they had made > > some previous unsuccessful efforts) > > Strike 1. > > > 2.) they will no longer filter icmp echo reply for me, even though > > they understand that my link is now useless without that. > > They do not have cpu cycles to spare for this purpose. > > or few line filters push the CPU over the edge....Strike 2. > > > 3.) they do not see this type of attack very often and don't > > consider it much of a problem. > > Sure...it causes them very little trouble. Odds are good their NOC gets > smurfed very rarely. Strike 3. > Yep 3 strikes and you're out. Sad, I've gotten excellent service from this provider until this recent policy snafu. > NOC and let them know that you consider your T1 to Sprint unusable, and do > not intend to pay the next bill...at least no in full. calls into the account rep already placed on this issue. > FDT used to have major problems with smurf attacks...I was getting to be > on a first name basis with most of UUNET's NOC graveyard shift. They'd > usually put in a temporary filter to stop the attack, though sometimes it > took longer than other's. What finally stopped the attacks was looking at > who/what was being attacked. At least in our case, systems weren't being > smurfed just for the heck of it. Generally, there was something going on > that was (justifiably or not) pissing someone somewhere off. Make sure > your users and systems are behaving, and the smurfing is likely to stop. > Yep, I know right off hand of several possibilities. A possibly disgruntled former employee who just lost a case against us in court the day before the attack started, or a guy that posts rather obnoxious stuff to the local nj newsgroups that a lot of people dislike, etc. With 7000 customers, you will ocasionally find one that is not as polite as he(she) should be. We do respond quickly to abuse/postmaster/sysadmin complaints so I don't believe we are sitting on pentup outrage over our customers abusing other networks/systems with no recourse. Of course, this could be a snit where the other side doesn't particularly want to tell their story to management types. Ken Leland
|