Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)

[Karl Denninger]

On Sat, Dec 27, 1997 at 04:08:05PM -0600, Phil Howard wrote:
> > 	Hello Karl & All,  Where or at what price are these tools
> > 	available.
> > 			Tia, JimL
> > PS:	In a further responce Karl was heard to say :
> > 
> > > The bottom line is that MONTHS after these were made available your NOC crew
> > 
> > 	I never heard nor was made aware that these tools were available,
> > 	even though I am an MCI Customer . :-(
> 
> Same here.  Are they free or do they cost money?
> 
> People want the tools.

Free.  Virtually all providers who are default-free have them or they damn
well ought to.

If you CAN, you should be refusing forged source addresses from your
dedicated customers.  I fully understand that not everyone CAN do this due
to the limitations of their architectures - in particular, high-aggregation
routers for customer connects have this ugly problem with running out of
CPU.

However, if a forged-source data stream IS traced to one of your customers,
expect a harsh response from the general network community.  This attack is
well-enough known by now that I consider anyone unable to immediately and
permanently deal with such an incident to be somewhere beneath contempt.

Frankly, for the majority of providers even simple filtering (ie: is it from
one of our networks) coupled with INTELLIGENT address assignment policies
make this a non-issue.  Unfortunately, the HUGE majority of major network
providers don't even seem to think that its a big deal to allow directed 
broadcasts to cross their network architecture - which is "step 0" in
defusing this problem.

--
-- 
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly to FULL DS-3 Service
			     | NEW! K56Flex support on ALL modems
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost