nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: Tim Bass <bass () cactus silkroad com>
Date: Sat, 21 Sep 1996 11:05:03 -0400 (EDT)
Good Morning, Please excuse me if this simple suggestion was mentioned in the thread (the traffic was so heavy I did not read so many), but I woke up this morning thinking simply: If all ISPs would configure final end user routers (not transit carriers or intermediate systems, but only the router that actually services end users) to drop all packets originating in the direction of the end user where the source IP address does not match the IP address of the customer on a per port basis (or some variation of this plot and theme) then it would become trival to trace these denial-of-service attacks. Again, I apologize if this simple technique was mentioned during the heavy traffic on the subject and I missed it, but this approach seems so simple, that it must of been mentioned, but I missed it. For this simple technique, I agree that a BCP is appropriate, so all IP service providers can 'sing off the same sheet of music' and cooperate together to stop bogus packets originating inside of their 'sphere of influence'. Of course, getting all providers in the world to cooperate sounds like an impossible task, so in that case, all level 0, 1, etc. transit networks must have a policy that all downstream (or is it upstream, I'm still asleep) do this filtering as part of the service agreement. Unless my groggy mind from a deep sleep is missing some marbles, this general technique and administrative policy would go a very long way toward stopping the random() attack and provide for a much easier way to trace attackers. Yawn. Back to sleep...... All The Best, Tim - - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 17)
- Re[2]: New Denial of Service Attack on Panix Brian Murrell (Sep 17)
- Re: New Denial of Service Attack on Panix Leonid Egoshin (Sep 17)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 18)
- Re: New Denial of Service Attack on Panix Jeff Young (Sep 18)
- Re: New Denial of Service Attack on Panix Guy T Almes (Sep 18)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 18)
- Re: New Denial of Service Attack on Panix Stan Barber (Sep 18)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 18)
- Re: New Denial of Service Attack on Panix Dan Ellis (Sep 18)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 21)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 18)
- Re: New Denial of Service Attack on Panix Leonid Egoshin (Sep 18)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 18)
- Re: New Denial of Service Attack on Panix Justin W. Newton (Sep 19)
- Re: New Denial of Service Attack on Panix Barry Caplin (Sep 20)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 19)
- Re: New Denial of Service Attack on Panix Hans-Werner Braun (Sep 21)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 21)
- Re: New Denial of Service Attack on Panix Hans-Werner Braun (Sep 21)
- Re: New Denial of Service Attack on Panix Michael Dillon (Sep 21)
(Thread continues...)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 17)