Re: New Denial of Service Attack on Panix

[Paul Ferguson <pferguso () cisco com>]

I would personally like to see this topic added as an agenda item at
the upcoming Ann Arbor NANOG meeting. At least a brief discussion of
conventional wisdom (filter on valid source prefixes at periphery, etc.)
should be in order.

- paul

At 04:14 PM 9/16/96 -0700, Kent W. England wrote:

> Dear NANOG/IEPG Folks;
>
> As you should know by now from reading the papers, Panix, the first ISP in
> NYC, has come under a new denial of service attack. The Wall Street Journal
> quoted Bill Cheswick to the effect that the attack is "unstoppable". Almost,
> but not quite, true.
>
> It's true that there isn't anything that Panix can do on its own to stop
> this attack. It's true that it would be hard to verify source addresses at
> MAEs and NAPs. But we could all verify source addresses at the first hop
> entry points. And get default route and unauthorized transit protection to
boot.
> I'd like to know what the community thinks can be done to deal with an
> escalation of these attacks should this occur. Are you doing any source
> address verification now? Are you doing anything to help Panix? Could you?
>
> How seriously do you take this threat? If Panix were to go out of business
> and Bob Metcalfe wrote a column on it, (  :-) do you think we would have to
> deal with it together then, or can we sit tight and expect it to blow over?
> After all, it's easy to dump chemicals in the reservoir, but we still drink
> the water, right?
>
> Thanks.
>
> --Kent
>
>
> ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~
> Kent W. England                                     Six Sigma Networks
> 1655 Landquist Drive, Suite 100              Voice/Fax:   619.632.8400
> Encinitas, CA  92024                                kwe () 6SigmaNets com
> Experienced Internet Consulting     ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~

- - - - - - - - - - - - - - - - -