Re: New Denial of Service Attack on Panix

[Avi Freedman <freedman () netaxs com>]

> On Tue, 17 Sep 1996, Perry E. Metzger wrote:
>
> > Michael Dillon writes:
> > > On Tue, 17 Sep 1996, Alan Hannan wrote:
> > >
> > > >   Could we drop the SYN/Denial thread?  It's becoming rather base.
> > >
> > > The discussion could always be moved to the firewalls list.
> >
> > I would suggest that it not be. This is actually a crisis that has to
> > be solved by action taken by service providers working together, and
> > does not involve conventional firewalls per se. I would say that it
> > is therefore germane to Nanog. 
>
> If we're voting, I'd say inet-access.  SYN attacks and defense are more 
> centered on the ISP's than the backbones.
>
> --- David Miller

Sigh.  My feeling is that host-based solutions should be discussed
on inet-access, but mentioned briefly also on nanog so that providers
can note them to give pointers to their customers.

And there probably is too much SYN-related traffic on nanog anyway.
The plea has been made: You should - or you should encourage your
customers to - filter garbage inbound to you from them or outbound from
them to you.  You should come up with a plan to nail the source of
SYN attacks quickly if the trail leads to your network as the source.

Avi

- - - - - - - - - - - - - - - - -