North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Solution: Re: Huge smurf attack

  • From: Alex P. Rudnev
  • Date: Sat Jan 16 13:50:45 1999

Btw.

For the victim, there is not difference between -
- smurf amplifies abused by the hacker;
- broken box abused by the hacker to create flood attack;
- broken dialup provider abused to send spam.

Don't talk about the smurf, talk about badly-secured systems. Open 
direct-broadcast is one example; open SMTP relay is another one; 
non-fixed exploit abused to get root access is the third example.

This common case is - _someone does not secure his box/lan from abuse; 
what should we do_.

The forths case is (not yet) - ISP does allow to send frauded SRC 
addresses.


On Sat, 16 Jan 1999, Steven J. Sobol wrote:

> Date: Sat, 16 Jan 1999 12:35:12 -0500
> From: Steven J. Sobol <[email protected]>
> To: Harold Willison <[email protected]>
> Cc: Joe Shaw <[email protected]>, [email protected]
> Subject: Re: Solution: Re: Huge smurf attack
> 
> On Thu, Jan 14, 1999 at 12:46:44PM -0500, Harold Willison wrote:
> >  
> > Tracking down a smurf amplifier is not a problem. Getting the folks to 
> > fix it 
> > is a little harder than it should be now, as most of the folks left 
> > with open  
> > amplifiers have been notified and have to this point refused to fix or 
> > are unable to fix it. 
> 
> Oh, good... then if they refuse to fix their problem, and it can be documented
> that they refuse to fix their problem, and someone uses them as an amplifier,
> they can get sued. I hope we have some documentation that these people refuse
> to do anything.
>  
> -- 
> Steve Sobol [[email protected]]
> Part-time Support Droid [[email protected]]
> NACS Spaminator [[email protected]]
> 
> Proud resident of Cleveland Heights, Ohio, the coolest place on earth.
> http://www.ClevelandHeights.com
> 

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)