North American Network Operators Group
Re: ip directed-broadcast
- From: Ken Leland
- Date: Mon Dec 29 13:29:51 1997
> about what I wrote:
> > 1.) they will not continue to try to trace this. (they had made
> > some previous unsuccessful efforts)
> Strike 1.
> > 2.) they will no longer filter icmp echo reply for me, even though
> > they understand that my link is now useless without that.
> > They do not have cpu cycles to spare for this purpose.
> or few line filters push the CPU over the edge....Strike 2.
> > 3.) they do not see this type of attack very often and don't
> > consider it much of a problem.
> Sure...it causes them very little trouble. Odds are good their NOC gets
> smurfed very rarely. Strike 3.
Yep 3 strikes and you're out. Sad, I've gotten excellent service
from this provider until this recent policy snafu.
> NOC and let them know that you consider your T1 to Sprint unusable, and do
> not intend to pay the next bill...at least not in full.
Calls in to the account rep already placed on this issue.
> FDT used to have major problems with smurf attacks...I was getting to be
> on a first name basis with most of UUNET's NOC graveyard shift. They'd
> usually put in a temporary filter to stop the attack, though sometimes it
> took longer than others. What finally stopped the attacks was looking at
> who/what was being attacked. At least in our case, systems weren't being
> smurfed just for the heck of it. Generally, there was something going on
> that was (justifiably or not) pissing someone somewhere off. Make sure
> your users and systems are behaving, and the smurfing is likely to stop.
Yep, I know right off hand of several possibilities. A possibly disgruntled
former employee who just lost a case against us in court the day before
the attack started, or a guy that posts rather obnoxious stuff to the
local nj newsgroups that a lot of people dislike, etc. With 7000 customers,
you will occasionally find one that is not as polite as he (she) should be.
We do respond quickly to abuse/postmaster/sysadmin complaints so I don't
believe we are sitting on pent-up outrage over our customers abusing other
networks/systems with no recourse. Of course, this could be a snit
where the other side doesn't particularly want to tell their story to