Re: New Denial of Service Attack on Panix

["Kent W. England" <kwe () 6SigmaNets com>]

At 09:09 AM 9/18/96 -0400, Guy T Almes wrote:
> Kent,
>  I liked the rest of your message more than the first sentence.
>
> > >
> > I wish that it were not so, but after reading the clever and insightful
> > approaches to tracking down the denial-of-service perps, I am pessimistic
> > about our ability to stay ahead in the escalation of this counter-counter-
> > measure warfare. I think that if we were able to trace the Panix attacker
> > that a future attacker would hit simultaneously from a half-dozen free
> > dial-up connections with a real random number generator and synthetic
> > SYNs to fool the router stat collector (or whatever it takes). I think we 
> > are on the short end of the technology stick here.

I want to amend my statement a bit. While it sounds like I completely ignored
Curtis' summary message from Monday, in fact, I never received any of those
nanog messages and if I had, I doubt that I would have posted my original
message.
I faithfully read all my nanog mail and I don't understand the gaps in my
receipts.

It seems to me after reading Curtis' summary that servers can be modified
to make the SYN flooding attacks much more difficult to accomplish. Perhaps
enough so that source address filtering doesn't have the urgency of 
implementation and coordination that I thought before reading Curtis' note.

--Kent

- - - - - - - - - - - - - - - - -