nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: "Jeff Young" <young () mci net>
Date: Wed, 18 Sep 1996 10:43:31 -0400
is there that much asymmetry in the very leaves of the network? i live in the asymmetry at the middle of the network but of the folks who are multihomed customers of NSP's, is it the case that asymmetry prevails in single streams of communication? don't most multihomed customers of NSP's engineer a preferred transit?

if i'm multihomed to two providers i've already done something to balance my traffic and to make sure that i have fail-over. i accept x routes on connection 1 and y routes on connection 2. outgoing, i might pad my AS on connection 2 and point default on connection 1. i might point a higher metric default out connection 2, or perhaps i'm defaultless and tag routes as i hear them based on my own policy. there are a million ways to do it, but because of the way it's been done usually i wonder if there are that many cases of asymmetry at the edge.

i guess the one common thread of this discussion is that whatever must be done, must be done on the edges of the internet. and that's not a cop out, we have as many edge cases as we have connections to isp's.

Jeff Young
young () mci net
From: Paul Ferguson <pferguso () cisco com>
Date: Wed, 18 Sep 1996 07:51:56 -0400
To: Vadim Antonov <avg () quake net>
Cc: nanog () merit edu, iepg () iepg org
Subject: Re: New Denial of Service Attack on Panix

I'm wondering if this is not quite the panacea that it appears. More thought is certainly required here... asymmetry being a problem that leaps to mind.

- paul

At 01:02 PM 9/17/96 -0700, Vadim Antonov wrote:

This is the excellent idea! Actually, router vendors may simply add a feature which shuts down the interface if SYN/SYN-ACK balance is too bad -- thus disconnecting the hacker-to-be. Of course, that balance may be decaying with time, so repeated unsuccessful attempts to connect won't trigger alarms.

--vadim

Forrest W. Christian <forrestc () iMach com> wrote:

Maybe I'm missing something here, but wouldn't these Denial of Service attacks cause a severe mismatch in the numbers of SYNs and SYN-ACKs on a given router interface? If so, then couldn't we just sweet-talk cisco into providing 5 minute counts of syns and syn-acks on an interface?
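Added example, not from the thread or from any router vendor: a sketch of the decaying SYN/SYN-ACK balance counter discussed in the messages above, run over constructed per-interface events. The half-life, thresholds, interface names and traffic are assumptions; the third interface illustrates the asymmetry concern, where a legitimate customer whose SYN-ACKs return via another provider is flagged just like the flood source.

```python
from collections import defaultdict

HALF_LIFE = 300.0   # assumption: 5-minute half-life, echoing the "5 minute counts" idea
RATIO = 0.8         # assumption: alarm when (SYN - SYN-ACK) / (SYN + SYN-ACK) exceeds this
MIN_SYN = 20.0      # assumption: ignore interfaces with little recent SYN volume

class SynBalance:
    """Exponentially decayed SYN-in / SYN-ACK-out counters for one interface."""
    def __init__(self):
        self.syn = self.synack = 0.0
        self.last = 0.0

    def decay_to(self, t):
        # Halve both counters for every HALF_LIFE seconds since the last update.
        f = 0.5 ** ((t - self.last) / HALF_LIFE)
        self.syn, self.synack, self.last = self.syn * f, self.synack * f, t

    def observe(self, t, flag):
        self.decay_to(t)
        if flag == "SYN":
            self.syn += 1
        else:
            self.synack += 1

    def alarm(self, now):
        self.decay_to(now)
        total = self.syn + self.synack
        return self.syn >= MIN_SYN and (self.syn - self.synack) / total > RATIO

def flagged(events, now):
    """events: iterable of (time_s, interface, 'SYN' | 'SYN-ACK'), sorted by time."""
    state = defaultdict(SynBalance)
    for t, ifname, flag in events:
        state[ifname].observe(t, flag)
    return {name for name, s in state.items() if s.alarm(now)}

def sample_events():
    """Constructed traffic: 100 seconds of events on three customer interfaces."""
    ev = []
    for t in range(100):
        ev += [(t, "cust-a", "SYN"), (t, "cust-a", "SYN-ACK")]  # symmetric, healthy
        ev += [(t, "cust-b", "SYN"), (t, "cust-b", "SYN")]      # flood, replies never return here
        ev.append((t, "cust-c", "SYN"))  # legitimate, SYN-ACKs return via another provider
    return ev

if __name__ == "__main__":
    ev = sample_events()
    print(sorted(flagged(ev, now=100)))   # flood source and asymmetric customer both alarm
    print(sorted(flagged(ev, now=3600)))  # an hour later the counters have decayed away
```

The minimum-volume floor and the decay together keep a handful of failed connection attempts from raising an alarm, but neither distinguishes the asymmetric customer from the flood source.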