Actions to quiet the Smurf amplifiers?

Well, it is far from the best solution, but here's a suggestion that
may be feasible in the interim (ie, while whacking on owners of
smurf-amlifiable networks):

- establish a site similar to the RBL, as an anti-smurf clearinghouse
- have said site do BGP peerings, and announce, as /32's, the broadcast
    addresses of smurf-nets
- have enough major-backbone networks use this mechanism to significantly
    dampen smurf until it becomes an occasional, localized nuisance

Note that doing these as /32's means connectivity to the genuine network
is unaffected. Only packets destined for broadcast addresses, ie smurf
attacks, will be blackholed - and this before they get amplified.

While the total number of network entries may be large initially,
aggressive efforts by providers to take ownership of pieces
of address space belonging to customers, may quickly reduce the global
requirements. E.g., If provider X has 1000 such networks belonging to his
single-homed customers, and he static-routes these 1000 /32's himself, this
offloads the centralized anti-smurf AS. If 20 such ISPs do this, most of
the problem goes away.

Major backbones ought not bear the brunt of much of this sort of junk,
but in this instance, it may be the best place to do this. The big
ISPs will generally have enough memory on their core nodes to handle the
additional routes, will be running CEF (so can discard smurf traffic
almost for free), and will have much greater effectiveness in doing this.

However, the more ISPs that involve themselves, the closer to the offender
the traffic will get nuked, and the more likely that the attemt will be
logged by the offender's ISP and thus result in termination due to violation
of ISP's policies (you do have policies against DoS, right folks?).