nanog mailing list archives
Re[4]: SYN floods (was: does history repeat itself?)
From: pcalhoun () usr com (Pat Calhoun)
Date: Fri, 13 Sep 1996 15:59:31 -0500
Curtis, As I stated in my previous e-mail, we could do this by adding this to our release notes in our product, describing the problem and advising against not taking measures. However, this would only apply to our customers, which I would venture to say that most already do understand the problem :). However, if there is anything that I can do to help, please let me know since I take the threat of the "imminent death of the internet" very seriously. Pat R. Calhoun e-mail: pcalhoun () usr com Project Engineer - Lan Access R&D phone: (847) 933-5181 US Robotics Access Corp. ______________________________ Reply Separator _________________________________ Subject: Re: Re[2]: SYN floods (was: does history repeat itself?) Author: Curtis Villamizar <curtis () ans net> at Internet Date: 9/12/96 1:44 PM In message <233128C0.3000 () usr com>, Pat Calhoun writes:
This is a Mime message, which your current mail reader may not understand. Parts of the message will appear as text. To process the remainder, you will need to use a Mime compatible mail reader. Contact your vendor for details. --IMA.Boundary.388702248 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Description: cc:Mail note part Perry, This is actually quite simple to implement on Dial Access Routers, and obviously this is the best place to add the filtering. Pat R. Calhoun e-mail: pcalhoun () usr com Project Engineer - Lan Access R&D phone: (847) 933-5181 US Robotics Access Corp.
I agree with you completely -- sort of. Only problem is there are thought to be some 3,000 dial access providers. Many of them barely know what a TCP SYN is, let alone why they need to block ones with random source addresses and how. Unless of course you are volunteering to explain it and help them. Thanks in advance. :-) Curtis
______________________________ Reply Separator ______________________________ ___ Subject: Re: SYN floods (was: does history repeat itself?) Author: "Perry E. Metzger" <perry () piermont com> at Internet Date: 9/9/96 1:19 PM Re: SYN floods PANIX, a large public access provider in New York, was badly hit with SYN flood attacks from random source addresses over the last few days. It nearly wrecked them. I think its time for the larger providers to start filtering packets coming from customers so that they only accept packets with the customer's network number on it. Yes, its a load on routers. Yes, its nasty for the mobile IP weenies. Unfortunately, the only known way to stop this. Many TCPs go belly up as soon as they get SYN flooded -- its a defect in the protocol design, and other than Karn style anti-clogging tokens ("cookies") being put into a TCP++ and mass implemented worldwide soon, the only reasonable way to stop this sort of terrorism is provider filtering. Perry --IMA.Boundary.388702248 Content-Type: text/plain; charset=US-ASCII; name="RFC822 message headers" Content-Transfer-Encoding: 7bit Content-Description: cc:Mail note part Content-Disposition: attachment; filename="RFC822 message headers" Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP (IMA Internet Exchange 2.02 Enterprise) id 233028F0; Sun, 8 Sep 96 12:29:51 -0500 Received: from merit.edu by usr.com (8.7.5/3.1.090690-US Robotics) id MAA17658; Mon, 9 Sep 1996 12:33:14 -0500 (CDT) Received: from localhost (daemon@localhost) by merit.edu (8.7.5/merit-2.0) wi th SMTP id NAA17064; Mon, 9 Sep 1996 13:20:33 -0400 (EDT) Received: by merit.edu (bulk_mailer v1.5); Mon, 9 Sep 1996 13:19:08 -0400 Received: (from daemon@localhost) by merit.edu (8.7.5/merit-2.0) id NAA16987 for nanog-outgoing; Mon, 9 Sep 1996 13:19:08 -0400 (EDT) Received: from jekyll.piermont.com (jekyll.piermont.com [206.1.51.15]) by merit.edu (8.7.5/merit-2.0) with ESMTP id NAA16982 for <nanog () merit edu>; Mon , 9 Sep 1996 13:19:05 -0400 (EDT) Received: from localhost (perry@localhost) by jekyll.piermont.com (8.7.5/8.6. 12) with SMTP id NAA24855 for <nanog () merit edu>; Mon, 9 Sep 1996 13:19:02 -0400 (EDT) Message-Id: <199609091719.NAA24855 () jekyll piermont com> X-Authentication-Warning: jekyll.piermont.com: Host perry@localhost didn't us e HELO protocol To: nanog () merit edu Subject: Re: SYN floods (was: does history repeat itself?) In-reply-to: Your message of "Mon, 09 Sep 1996 12:47:13 EDT." <199609091647.MAA01458 () tomservo mindspring com> Reply-To: perry () piermont com X-Reposting-Policy: redistribute only with permission Date: Mon, 09 Sep 1996 13:19:02 -0400 From: "Perry E. Metzger" <perry () piermont com> Sender: owner-nanog () merit edu --IMA.Boundary.388702248--
Attachment:
RFC822 message headers
Description: cc:Mail note part
Current thread:
- Re: SYN floods (was: does history repeat itself?), (continued)
- Re: SYN floods (was: does history repeat itself?) Tim Salo (Sep 12)
- Re: SYN floods (was: does history repeat itself?) Justin W. Newton (Sep 13)
- Re: SYN floods (was: does history repeat itself?) Alex.Bligh (Sep 13)
- Re: SYN floods (was: does history repeat itself?) Mr. Jeremy Hall (Sep 13)
- Re: SYN floods (was: does history repeat itself?) Alex.Bligh (Sep 13)
- Re: SYN floods (was: does history repeat itself?) Vadim Antonov (Sep 14)
- Re: SYN floods (was: does history repeat itself?) Mr. Jeremy Hall (Sep 15)
- Re: SYN floods (was: does history repeat itself?) alex (Sep 16)
- Re: SYN floods (was: does history repeat itself?) Mr. Jeremy Hall (Sep 16)
- Re: SYN floods (was: does history repeat itself?) Mr. Jeremy Hall (Sep 15)
- Re: Re[4]: SYN floods (was: does history repeat itself?) James D. Butt 'J.D.' (Sep 15)
- Re: SYN floods (was: does history repeat itself?) Vadim Antonov (Sep 15)
- Re[4]: SYN floods (was: does history repeat itself?) Pat Calhoun (Sep 16)
- Re[4]: SYN floods (was: does history repeat itself?) Pat Calhoun (Sep 16)
- Re[4]: SYN floods (was: does history repeat itself?) Pat Calhoun (Sep 16)