nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: Joel Gallun <joel () wauug erols com>
Date: Tue, 17 Sep 1996 13:18:50 -0400 (EDT)
Ken, I think that you are right on target here. I was thinking that a good way to get the word out to the .edu community might be for someone to deliver a paper on this problem (SYN flood and other source spoofed attacks) at the upcoming LISA. Any takers?

Joel

On Tue, 17 Sep 1996, Ken Lindahl wrote:

> hi,
>
> On Tue, 17 Sep 1996, Rob Skrobola <rjs () ans net> wrote:
> > On topic: Most of the discussion has been about stopping these general kinds of attacks from dial-up providers, ISP's. I've not heard much about what seems to be the other major source of potential problems, namely universities and schools. They seem to provide a somewhat more involved challenge in the effort to source filter outbound packets.
>
> good point. in the incidents i've seen here at uc berkeley, about half were sourced from dial-up providers and about half from other universities. however, in the majority of the cases, the source host appeared to be a compromised host, that is, the real perpetrator was actually somewhere else. at least in the university environment, i think you would find that most universities have a central networking group that would be interested in doing the "right thing," given adequate education and resources. for the record, i've been filtering inbound and outbound at uc berkeley since early march 95.
>
> > ... So it has to happen closer to the source.
>
> works better closer to the source too: the northern uc campuses are working toward utilizing a single ds3 into an isp. if the filtering were done at the isp's interface, the filter would have to permit any packet with a source ip address from any of the 5 northern campuses. whereas my filters permit only uc berkeley source ip addresses. i also use some strategically located filters in uc berkeley's interior as well.
>
> > ... It would be interesting to hear an opinion from some networking folks at the regionals or at campuses about whether this kind of filtering can or will be done...
>
> again, i think educating the local networking groups is a key issue. in uc berkeley's case, kevin mitnick provided the education :-} as well as the opportunity to squeeze extra $$$ out of the university administration for a border router capable of handling the filtering.
>
> ken
> ----------------------------------------------------------------------------
> Ken Lindahl                               lindahl () ack berkeley edu
> Data Communication & Networking Services  +1-510-642-0866
> University of California, Berkeley        http://ack.berkeley.edu/~lindahl
> ----------------------------------------------------------------------------
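
The comparison in the quoted message, between a filter at one campus's border and a filter at the ISP end of a link shared by five campuses, is modelled below as an added example that is not part of either message. The 10.1.0.0/16 to 10.5.0.0/16 prefixes, the campus names, the sample packets and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed prefixes standing in for five campuses that share one uplink.
CAMPUSES = {
    f"campus_{i}": [ipaddress.ip_network(f"10.{i}.0.0/16")] for i in range(1, 6)
}

def permits(src, allowed):
    """Egress rule: forward only if the source address is inside an allowed prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    return any(addr in net for net in allowed)

def campus_border_filter(campus):
    """Filter at one campus's own border: only that campus's prefixes."""
    return CAMPUSES[campus]

def shared_uplink_filter():
    """Filter at the ISP end of the shared link: union of every campus's prefixes."""
    return [net for nets in CAMPUSES.values() for net in nets]

def verdicts(origin_campus, src):
    """Return (passes campus border, passes shared-uplink filter) for one packet."""
    return (permits(src, campus_border_filter(origin_campus)),
            permits(src, shared_uplink_filter()))

# Constructed packets: (campus the packet physically leaves from, claimed source).
SAMPLES = [
    ("campus_1", "10.1.4.7"),      # honest source
    ("campus_1", "10.3.9.9"),      # source forged from a sibling campus's range
    ("campus_1", "203.0.113.50"),  # source forged from an unrelated range
]

if __name__ == "__main__":
    for origin, src in SAMPLES:
        border, uplink = verdicts(origin, src)
        print(f"{origin} src={src:<14} campus-border={'pass' if border else 'drop'} "
              f"shared-uplink={'pass' if uplink else 'drop'}")
```

The second sample is the case the message describes: the aggregate filter on the shared link has to accept it, while the campus's own border filter drops it.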