|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ip directed-broadcast
Jon Lewis put this into my mailbox:
>
> FDT used to have major problems with smurf attacks...I was getting to be
> on a first name basis with most of UUNET's NOC graveyard shift. They'd
> usually put in a temporary filter to stop the attack, though sometimes it
> took longer than other's. What finally stopped the attacks was looking at
> who/what was being attacked. At least in our case, systems weren't being
> smurfed just for the heck of it. Generally, there was something going on
> that was (justifiably or not) pissing someone somewhere off. Make sure
> your users and systems are behaving, and the smurfing is likely to stop.
I agree with this, to an extent. However, not all cases are like this.
We've been dealing with a particular smurfer for a little over a
month and a half now. Basically, this person will sit and spam people. If
we try to block or disconnect him, he automatically smurfs one of our
servers from one of his hacked accounts, of which he has quite a few.
We've managed to trace him back to a few Aussie ISPs, and have gotten
responses out of some of the people in charge of the machines he's hacked,
but at this point I'm getting mighty sick of people ignoring our
e-mails and phone calls (one Aussie *dialup* ISP comes to mind), and
I'm trying to figure out how best to sum up the situation to the FBI
computer crimes division. (I'm planning to go to them with a list of
things we can charge this person with, including theft of service,
extortion, and blackmail..)
The moral is, though, some of your users could just be going about their
business normally, and someone who doesn't take 'no' for an answer is
using smurfing to get what they want.
(This is also why I currently have the attitude that if your network
isn't protected against smurf-broadcasting, or it isn't filtering
spoofing, or your machines aren't adequately monitored to ensure that
accounts don't get hacked, then you don't deserve to be connected to
the internet, and should pay the rest of us for the trouble of cleaning
up your messes.)
-dalvenjah
--
Dalvenjah FoxFire (aka Sven Nielsen) I once heard the voice of God. It
Founder, the DALnet IRC Network said "Vrrrrrmmmmmm." Unless it was
just a lawn mower.
e-mail: [email protected] WWW: http://www.dal.net/~dalvenjah/
whois: SN90 Try DALnet! http://www.dal.net/
|