Smurf Prevention

Perhaps we might have some success preventing smurfs from the most common
sources, hacked machines on university dorm networks, by getting the
university backbones to filter spoofs. Things like SUnet, FUnet, NYSERnet,
etc, account for a large portion of universities used to smurf from, and it
might be easier than trying to get each school to filter individually. I
found the following two addresses for nysernet and funet but was unable to
read or translate the Swedish on www.sunet.se.

Gary Crane, Senior Director of Network Development, gcrane@nysernet.org
Markus Sadeniemi, Director of FUNET, Markus.Sadeniemi@csc.fi

On Mon, Jul 13, 1998 at 04:48:41AM -0400, Richard Thomas put this into my mailbox:

> Perhaps we might have some success preventing smurfs from the most common
> sources, hacked machines on university dorm networks, by getting the
> university backbones to filter spoofs. Things like SUnet, FUnet, NYSERnet,
> etc, account for a large portion of universities used to smurf from, and it
> might be easier than trying to get each school to filter individually. I
> found the following two addresses for nysernet and funet but was unable to
> read or translate the Swedish on www.sunet.se.

That's one solution. What might be a better solution would be if the Big Few
networks (MCI, Sprint, UUnet, etc.) were to take the list of smurf amplifiers
from something like the SAR, *verify* that they're still smurf amplifiers,
and then refuse to route traffic from those networks.

Not only would it cut the smurfs down cold, but it would also get the folks
responsible for those networks to fix things.

Then again, if the big-bandwidth folks cared about such things, perhaps they
would have done so already.

*dealing with the third 10M+ smurf this weekend, the 40th or so since May, and
getting rather tired of it..*

-dalvenjah