nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Denial of Service Attack on Panix

From: Dan Ellis <ellis () mail microserve net>
Date: Wed, 18 Sep 1996 12:31:26 -0400 (EDT)
We too have recently gotten hit with these wonderful syn attacks,  until
router logging (or whatever means we develop to trace these packets is
developed) I think there are only 2 resolutions

1) filter incoming ip's, at least on dial-ups and on non-border (or
non-core) routers for ip-spoofing. (Do not allow ip's that should not
originate over this port(s) to be passed), this will allow ISP's to stop
their users from originating these floods. 
2) Fix the OS's to not be as susceptible to SYN floods.  This will
eventually make the hackers board and the problem will slowely disappear.
(well, maybe)

--Dan Ellis
  MIS 

On Wed, 18 Sep 1996, Kent W. England wrote:



It seems to me after reading Curtis' summary that servers can be modified
to make the SYN flooding attacks much more difficult to accomplish. Perhaps
enough so that source address filtering doesn't have the urgency of 
implementation and coordination that I thought before reading Curtis' note.

--Kent


~..............................................................................
--Daniel Ellis
 Director of Engineering / Chief Engineer, MicroServe Information Systems Inc.

                "The only way to predict the future is to invent it."
                      --Alan Kay

- - - - - - - - - - - - - - - - -
Previous By Date Next
Previous By Thread Next

Current thread: