Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Government scrutiny is headed our way

  • From: Hal Murray
  • Date: Sat Jun 20 05:09:47 1998

> This is why the government needs to get involved and *demand* that 
> the ability exist via a *protocol* for people in a NOC to initiate 
> and follow these traces automatically, without human intervention 
> by the NOCs in the chain.

Would you and other operators be willing to modify peering agreements 
to include serious fines for running a smurf amplifier or allowing 
packets with bogus source addresses to enter the system?

Tracking back bogus source addresses seems hard.  Would fines on 
smurf amplifiers be good enough to fix the smurf problem?  Or do 
we need to catch a smurfer to use as an example?

Currently, NOCs don't have much financial interest in tracking down 
a smurfer. 

Karl's stories of non-cooperation make sense if the NOC is looking 
at their (short term) bottom line rather than the good of the net.  
The person on the phone won't get any reward for solving Karl's problem 
(and might get in trouble for sticking his neck out). 

Is there a way we can change that?

One possibility might be to offer a reward to the NOC that gets the 
evidence on the first smurfer to get tossed in jail or fined more 
than $100K.

Another might be to setup peering contracts that encourage ISPs/NSPs 
to track down smurfers.

I can't quite come up with the right thing to suggest.  Everything 
I think of has too many possibilities for gaming. 

I'm fishing for something like each ISP/NSP that works on tracking 
down a smurfer gets to charge the ISP/NSP closer to the source for 
the time and costs it spends on the problem, including the costs 
that get passed to it.

How much effort is involved in tracking a smurfer through each router?

Any router vendors willing to estimate how much it would cost to 
implement something like Karl's proposed command? 

>	"trace-smurf <forged-victim-address> <amplifier-address>" <return>

Do smurf attacks always happen late at night and on weekends?

Would major NSPs be willing to setup a smurf hotline so trusted smart 
people, like Karl, could bypass the first several layers of screening 
and get the data to the right person fast? 

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.