North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)
- From: Karl Denninger
- Date: Sat Dec 27 22:40:33 1997
On Sat, Dec 27, 1997 at 04:08:05PM -0600, Phil Howard wrote:
> > Hello Karl & All, Where or at what price are these tools
> > available.
> > Tia, JimL
> > PS: In a further responce Karl was heard to say :
> > > The bottom line is that MONTHS after these were made available your NOC crew
> > I never heard nor was made aware that these tools were available,
> > even though I am an MCI Customer . :-(
> Same here. Are they free or do they cost money?
> People want the tools.
Free. Virtually all providers who are default-free have them or they damn
well ought to.
If you CAN, you should be refusing forged source addresses from your
dedicated customers. I fully understand that not everyone CAN do this due
to the limitations of their architectures - in particular, high-aggregation
routers for customer connects have this ugly problem with running out of
However, if a forged-source data stream IS traced to one of your customers,
expect a harsh response from the general network community. This attack is
well-enough known by now that I consider anyone unable to immediately and
permanently deal with such an incident to be somewhere beneath contempt.
Frankly, for the majority of providers even simple filtering (ie: is it from
one of our networks) coupled with INTELLIGENT address assignment policies
make this a non-issue. Unfortunately, the HUGE majority of major network
providers don't even seem to think that its a big deal to allow directed
broadcasts to cross their network architecture - which is "step 0" in
defusing this problem.
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly to FULL DS-3 Service
| NEW! K56Flex support on ALL modems
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost