nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: Leonid Egoshin <egoshin () genesyslab com>
Date: Wed, 18 Sep 1996 11:24:28 -0700 (PDT)
From: David Miller <david () sparks net>

>> I suggest to check not only ratio (asymmetric routing!), but high number of SYNs to single host.

> I think this is pretty useless. If you could get all the end-user ISPs (leaf nodes) to upgrade the OS on their router, you could have a default behavior of BLOCKING the problem SYNs in the first place.

There are a number of customers who are serviced by 2 or more providers and who can't support a full routing table in their routers. These customers set up some default route to one of their providers, and in this case you would have a ratio SYNs/SYN-ACK > 1 on one line.

> SYN attacks which aren't from random src addresses aren't really a problem.

I am not sure. Would you like it if you were blocked from access to some popular server because a hacker cracked some host in your network?

- Leonid Yegoshin, LY22

P.S. BTW, it is very simple to generate the flow of SYN-ACKs via a router which counts the SYN/SYN-ACK ratio (in reverse path, of course).
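Added example, not part of the original message or thread: a sketch of the two checks discussed above, a per-link SYN/SYN-ACK ratio combined with a count of SYNs to a single host, run over constructed handshake records. The link names, addresses, record format and both thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def sample_packets():
    """Constructed handshake records: (link, src, dst, flags), 'S'=SYN, 'SA'=SYN-ACK."""
    pkts = []
    # Link A: multihomed customer defaulting outbound here; replies return via
    # its other provider, so this router never sees the SYN-ACKs.
    for i in range(1, 41):
        pkts.append(("A", f"192.0.2.{i}", f"198.51.100.{i}", "S"))
    # Link B: 200 SYNs from varied sources to one host, few answered,
    # mixed with 20 ordinary completed handshakes.
    for i in range(200):
        pkts.append(("B", f"10.0.{i}.7", "203.0.113.10", "S"))
    for i in range(5):
        pkts.append(("B", "203.0.113.10", f"10.0.{i}.7", "SA"))
    for i in range(1, 21):
        pkts.append(("B", f"192.0.2.{100 + i}", f"198.51.100.{100 + i}", "S"))
        pkts.append(("B", f"198.51.100.{100 + i}", f"192.0.2.{100 + i}", "SA"))
    # Link C: symmetric path, every SYN answered.
    for i in range(1, 31):
        pkts.append(("C", f"192.0.2.{200 + i}", f"198.51.100.{200 + i}", "S"))
        pkts.append(("C", f"198.51.100.{200 + i}", f"192.0.2.{200 + i}", "SA"))
    return pkts

def classify_links(pkts, ratio_thr=3.0, host_thr=50):
    """Return {link: (verdict, ratio, top_dst, top_count)}; thresholds are assumed."""
    syn, synack = Counter(), Counter()
    per_dst = defaultdict(Counter)
    for link, _src, dst, flags in pkts:
        if flags == "S":
            syn[link] += 1
            per_dst[link][dst] += 1
        elif flags == "SA":
            synack[link] += 1
    out = {}
    for link in sorted(syn):
        ratio = syn[link] / max(synack[link], 1)  # avoid divide-by-zero
        top_dst, top_count = per_dst[link].most_common(1)[0]
        if ratio <= ratio_thr:
            verdict = "normal"
        elif top_count >= host_thr:
            verdict = "flood-suspect"   # high ratio AND many SYNs to one host
        else:
            verdict = "ratio-only"      # high ratio, spread over many hosts
        out[link] = (verdict, round(ratio, 2), top_dst, top_count)
    return out

if __name__ == "__main__":
    for link, result in classify_links(sample_packets()).items():
        print(link, result)
```

Link A shows the asymmetric-routing case: the ratio alone is far above 1, but no single destination stands out, so the ratio by itself would be a false alarm.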