Re: New Denial of Service Attack on Panix

["Daniel W. McRobb" <dwm () ans net>]

> At 03:08 PM 10/3/96 -0400, Tim Bass wrote:
>
> > The TCP fix and possibly and ICMP fix (and more work on
> > kernel hackers part) will, I can safely predict, the
> > faster short term solution than trying to coordinate
> > the world into doing filters.
> >
> > Random Drop, is not a panacea, as you say Paul, but it
> > is a very big, big step in the right direction and
> > I predict that within 30 days and at the latest 60
> > days (because people are busy) that the SYN attack
> > much less 'troublesome'.
>
> Hm. And how quickly do you think all of the reachable hosts in the
> world are patched? I would suggest that ingress filtering is, by far,
> less resource intensive, since the numbers of routers v. hosts are
> much, much smaller.

I think Tim was using the assumption (which I consider quite valid) that
once vendors release patches, those being attacked are likely to apply a
patch quite quickly.  It's a motivaton issue... people are much more
motivated to save their own butts in a hurry before trying to save
everyone else's.  ;-)

I think most folks in this forum are good netizens and want to do the
Right Thing(s) for everyone.  Others, especially those not privy to all
the fuss about this issue, are less likely to take action and will
probably be hosting these attacks for a while, possibly w/o knowing it
until someone tracks it down and yells at them and/or they're attacked
themselves (in which case they'll probably reach for things to protect
themselves before trying to protect others).

Daniel
~~~~~~
- - - - - - - - - - - - - - - - -