nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SYN floods (was: does history repeat itself?)

From: Michael Dillon <michael () memra com>
Date: Mon, 9 Sep 1996 11:13:28 -0700 (PDT)
On Mon, 9 Sep 1996, Perry E. Metzger wrote:


PANIX, a large public access provider in New York, was badly hit with
SYN flood attacks from random source addresses over the last few
days. It nearly wrecked them.

I think its time for the larger providers to start filtering packets
coming from customers so that they only accept packets with the
customer's network number on it. 


I disagree. A better way to do this would be for providers to cooperate to
track down the people who are doing it and make sure to flood the media
with press releases when the culprits are arrested. If the cracker
wannabe's realize that source-spoofed SYN attacks can still be quickly
traced, they will stop doing it.

And the cooperation would do the net some good; maybe lead to more
cooperation down the line.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael () memra com

- - - - - - - - - - - - - - - - -
Previous By Date Next
Previous By Thread Next

Current thread: