smurf, the MCI-developed tracing tools (was Re: Bogus announcement)

"DoSTrack v2.0
1997 MCI Telecommunications

Code is available at:

DoSTracker WEB PAGE is at"

However, I was unable to get this to function properly with my Cisco. It
never got past the "Password:" prompt. Any ideas?

I had to modify code to parse the password file. I did not try to
determine if this was because I wasn't using the recommended
hardware/software platform, or because the tool was created to work
with a MCI specific environment.


While I can't comment on this specific problem, MCI's dostracker doesn't
work if you are running DCEF. This makes dostracker useless in many


Then you damn well better not be permitting any of the following:

1) Forged source addresses (this CAN be stopped with specific filters
  on your interfaces, although some will bitch about the performance
  impact - depending on their specific choices)
2) Directed broadcasts (which are used to "create" these DOS attacks by
  bouncing the attack off a particularly-well-connected location,
  USUALLY a provider's internal infrastructure).

Block both of those and Smurfs would disappear. If you can trace the TRUE
source of such an attack quickly, people will go to jail for this. The only
reason they are popular is because the source addresses CAN be forged.