Actions to quiet the Smurf amplifiers?

Dan Hollis wrote:

The last site I dealt with took _3 weeks_ to close their amplifiers once
they were notified. And this was a multimillion dollar publishing company.

Wow, you sure get them to act quickly! How did you manage to get a big
monstrous behemoth like "corporate america" to move that fast? :)

Solving technical problems does require a couple things. The first
is the technical background to know what the problem is and how to deal
with it. Usually the big corporations do have at least someone that
knows this. The second is to get management approval. And managers do
not understand things like smurf. They do understand things like lawsuits,
and other financial incentives. In a few cases they can understand things
like "we won't be able to communicate with a large segment of customers
due to being blackholed" when someone explains it to them in terms of $$$.

They did nothing for two weeks, then their upstream threatened to pull
their connection.

If there were only some way to blackhole smurf amplifier routes
globally... sigh.

-Dan

There is. It's been suggested several times in the past. All it takes is
someone willing to maintain/distribute it as in the case of the BGP
distribution of the RBL.

Unlike the MAPS RBL, participation in the Smurf RBL wouldn't offer any
protection...it just inconveniences the sites blackholed and anyone
wanting to access those sites.

On Mon, Oct 19, 1998 at 12:03:41PM -0700, Dan Hollis put this into my mailbox:

> Dan Hollis wrote:
> > The last site I dealt with took _3 weeks_ to close their amplifiers once
> > they were notified. And this was a multimillion dollar publishing company.
> Wow, you sure get them to act quickly! How did you manage to get a big
> monstrous behemoth like "corporate america" to move that fast? :)

They did nothing for two weeks, then their upstream threatened to pull
their connection.

I've found that CC:'ing uplinks on the first e-mail to smurf amplifier
contacts works VERY WELL...I managed to get Santa Clara University (a
site notorious for being a smurf amplifier that ignored all attempts to
get them to fix things) to fix their routers. Several others happily
shut off their amplifiers, as well.

When in doubt, add more addresses to the CC: line. I realize this ends
up annoying the more clueful folks who actually read e-mail to things
like abuse@, security@, noc@, etc, but unfortunately the less clued
folks (whose only 'administrative' type account is webmaster@, if they
even have that) seem to be more prevalent these days.

(What was even more hilarious about SCU.edu was that they had the gall
to mail me back saying this was the first they'd heard of the problem
and that they had been working with their uplink to find out why their
connection was constantly at 90% utilization....)

-dalvenjah