SMURF amplifier block list

Would the vix people have any interest in just adding "being a smurf amp"
to the possible causes for entry in the BGP version of RBL? That way, it
would be harder for the smurf d00dz to get up to date lists.

Sadly, no. The existing RBL has a great deal of strength (measured by the
number of people who subscribe to it) but that strength comes primarily due
to the limited focus of the weapon. We're about mail abuse. Mail abuse is
something that everybody can understand and everybody agrees is a bad thing.
SMURF amplification is something that not everybody can understand and so
not everybody agrees that it's a bad thing.

I would ordinarily be willing to set up a second RBL-like feed, which due to
the nature of the attacks (SMURF vs SPAM) would only be available via BGP
(denying only mail transport from or to a SMURF amplifier network seems like
a round hole / square peg kind of thing), but I simply do not have the time
or money or people to do it. MAPS is an unfunded activity (with the notable
exception of donations from a few of you on NANOG) and I think we ought to
try to do a better job stopping SPAM before we try to use some of the same
overworked volunteers to take on something like SMURF amplifiers.

I suggested this sort of thing a while ago, but don't currently have time
to implement it. The vix people already have everything in place.

Perhaps we should just start a company called "@net.police"? :slight_smile: x 1000.

Why should net policing be centralized. Wouldn't it be better if we had
1000 different net police groups all focussed on one specific problem.
Like the RBL, perhaps :wink:

better yet...