nanog mailing list archives
Re: how to protect name servers against cache corruption
From: Jon Lewis <jlewis () inorganic5 fdt net>
Date: Fri, 1 Aug 1997 02:06:56 -0400 (EDT)
On Thu, 31 Jul 1997, Thomas H. Ptacek wrote:
MAE's) you can do it with impunity and effectively knock entire ISP's off the internet.I'm unaware of any attacks occurring now that do not leverage superior bandwidth (ie, ping flooding from a DS3 a DS1 circuit) that are not addressed in some manner at an operating system or user level.
Many educational institutions have greater than T1 bandwidth to the net, and these seem to be the easiest places for anyone to just walk in and get ethernet access (with no authentication) to a T1 or better, and proceed to wreak havoc on the net. I'd wager I could walk into a computer lab at the local university, and using either windows tools or linux on a floppy, do incredibly destructive things without being caught...probably without being noticed...assuming they do no filtering of traffic (based on source address) leaving their network, and assuming I don't sit there indefinitely.
This is not a valid answer. People who think that the entire Internet can be globally configured to prevent packet forgery from occurring in the first place are deluding themselves, and I think we, as Internet
Can or will? If there are reasons the entire net cannot be made IP source address forgery safe, enlighten me. I don't disagree that the likelyhood of this actually happening are right up there with me being declared Emperor of the US next week, but just because total success is highly improbable doesn't mean resistance is futile. ------------------------------------------------------------------ Jon Lewis <jlewis () fdt net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ________Finger jlewis () inorganic5 fdt net for PGP public key_______
Current thread:
- Re: how to protect name servers against cache corruption Francois Beauregard (Aug 02)
- <Possible follow-ups>
- Re: how to protect name servers against cache corruption William Allen Simpson (Aug 02)
- Re: how to protect name servers against cache corruption Sean M. Doran (Aug 05)
- Re: how to protect name servers against cache corruption Dave Crocker (Aug 02)
- Re: how to protect name servers against cache corruption Tim Salo (Aug 02)
- Re: how to protect name servers against cache corruption craig (Aug 02)
- Re: how to protect name servers against cache corruption Jon Lewis (Aug 02)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
- Re: how to protect name servers against cache corruption Jon Lewis (Aug 02)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Aug 02)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Aug 02)
- Re: how to protect name servers against cache corruption Robert T. Nelson (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
- Re: how to protect name servers against cache corruption tqbf (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
- Re: how to protect name servers against cache corruption Randy Bush (Aug 02)
- Re: how to protect name servers against cache corruption Paul A Vixie (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
- Re: how to protect name servers against cache corruption Robert T. Nelson (Aug 02)
- Re: how to protect name servers against cache corruption Gary E. Miller (Aug 02)