nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Denial of Service Attack on Panix

From: Tim Bass <bass () cactus silkroad com>
Date: Mon, 16 Sep 1996 19:46:14 -0400 (EDT)
Kent,



Dear NANOG/IEPG Folks;

As you should know by now from reading the papers, Panix, the first ISP in
NYC, has come under a new denial of service attack. The Wall Street Journal
quoted Bill Cheswick to the effect that the attack is "unstoppable". Almost,
but not quite, true.


... XXX ...

Can you explain why you just don't block the IP address of the sender
from your gateway routers.  Is the sender using different IP source
addresses in the IP packet?  Does the attacker change IP source
addresses?  Does the attacker attack the same ports?  Use random
source addresses?

This does not seem like a rocket science firewall firewall project,
based on what I have read.  Please explain what make this attack
'rocket science' to stop.     

Show me the topology, the router configurations of the gateways,
and the format of the denial-of-service attack packets and I'll
be surprised if I can't devise a scheme to stop it, even if
the attacker changes source addresses frequently (and I'm
happy to do it).

Thanks and Regards,

Tim

- - - - - - - - - - - - - - - - -
Previous By Date Next
Previous By Thread Next

Current thread: