Re: netscan.org update

[John Payne <john () sackheads org>]

On Mon, Sep 25, 2000 at 12:49:15AM -0400, Patrick W. Gilmore wrote:
> I actually think that filtering prefixes such that you cannot send traffic 
> *to* smurf amplifier networks would help, and be far less expensive (CPU 
> wise).  It would be trivial to null-route amplifier prefixes, and if enough 
> networks subscribed to the service, the amplifier sites would notice very, 
> very quickly - in much the same way people on the BGP RBL notice.

My thoughts are that the "SAL" is operated in a similar way to the RBL, except
that education comes *after* listing :-)

ie.. once a smurf amp has been *abused* and reported to the network operator,
it gets listed.  Further reports of abuse of that amp (because listing it won't
stop attacks) will result in widening the listing, until it really starts to hurt.


-- 
John Payne      http://www.sackheads.org/jpayne/    john () sackheads org
http://www.sackheads.org/uce/                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header