North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What do we do with clueless ISPs

  • From: Joe Shaw
  • Date: Sun Mar 22 14:05:09 1998

Last weekend we had one host on our network as the target of a smurf
attack.  When I reported it to both our upstreams (UUNet and Time Warner
who reported it to MCI), we got two stories.  MCI, whom I'm not even a
direct customer of started tracking the attack as soon as they were
informed.  UUNet took an hour to get a security person on the phone who
then told me that there was nothing they could do, period.  

My question is this: When will UUNet have security types on duty 7 days a
week, and will said people be clueful enough to track this sort of thing
down?  I told the people at UUNet that we were under smurf attack, and
then I had to go through a 10 minute explanation of what a smurf attack
was and what it was doing.  I would expect a worldwide NSP to keep up with
things like this, especially when a regional like myself can.

I had logged all ICMP traffic coming into our network via an access list,
and could give them all the information they needed to get to the
offending networks, so it's not like they had such a hard job ahead of
them.

Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services

On Sat, 21 Mar 1998, Randy Bush wrote:

> > How does one send "samples" of a Smurf 
> 
> When BBN's NOC handed one to our NOC yesterday, or was it the day before,
> they sent a cut and paste of
>   o configuring their edge cisco to detect and log
>   o the log
> which both documented the problem and, if our NOC did not have smurf clue,
> gave a clue on how to track.
> 
> [ aside: it was tracked to the perp and stomped ]
> 
> randy