|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Solution: Re: Huge smurf attack
Btw. For the victim, there is not difference between - - smurf amplifies abused by the hacker; - broken box abused by the hacker to create flood attack; - broken dialup provider abused to send spam. Don't talk about the smurf, talk about badly-secured systems. Open direct-broadcast is one example; open SMTP relay is another one; non-fixed exploit abused to get root access is the third example. This common case is - _someone does not secure his box/lan from abuse; what should we do_. The forths case is (not yet) - ISP does allow to send frauded SRC addresses. On Sat, 16 Jan 1999, Steven J. Sobol wrote: > Date: Sat, 16 Jan 1999 12:35:12 -0500 > From: Steven J. Sobol <sjsobol@nacs.net> > To: Harold Willison <harold@agis.net> > Cc: Joe Shaw <jshaw@insync.net>, nanog@merit.edu > Subject: Re: Solution: Re: Huge smurf attack > > On Thu, Jan 14, 1999 at 12:46:44PM -0500, Harold Willison wrote: > > > > Tracking down a smurf amplifier is not a problem. Getting the folks to > > fix it > > is a little harder than it should be now, as most of the folks left > > with open > > amplifiers have been notified and have to this point refused to fix or > > are unable to fix it. > > Oh, good... then if they refuse to fix their problem, and it can be documented > that they refuse to fix their problem, and someone uses them as an amplifier, > they can get sued. I hope we have some documentation that these people refuse > to do anything. > > -- > Steve Sobol [sjsobol@nacs.net] > Part-time Support Droid [support@nacs.net] > NACS Spaminator [abuse@nacs.net] > > Proud resident of Cleveland Heights, Ohio, the coolest place on earth. > http://www.ClevelandHeights.com > Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
|