|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re[2]: SYN floods (was: does history repeat itself?)
Perry,
This is actually quite simple to implement on Dial Access Routers,
and obviously this is the best place to add the filtering.
Pat R. Calhoun e-mail: [email protected]
Project Engineer - Lan Access R&D phone: (847) 933-5181
US Robotics Access Corp.
______________________________ Reply Separator _________________________________
Subject: Re: SYN floods (was: does history repeat itself?)
Author: "Perry E. Metzger" <[email protected]> at Internet
Date: 9/9/96 1:19 PM
Re: SYN floods
PANIX, a large public access provider in New York, was badly hit with
SYN flood attacks from random source addresses over the last few
days. It nearly wrecked them.
I think its time for the larger providers to start filtering packets
coming from customers so that they only accept packets with the
customer's network number on it.
Yes, its a load on routers. Yes, its nasty for the mobile IP weenies.
Unfortunately, the only known way to stop this. Many TCPs go belly up
as soon as they get SYN flooded -- its a defect in the protocol
design, and other than Karn style anti-clogging tokens ("cookies")
being put into a TCP++ and mass implemented worldwide soon, the only
reasonable way to stop this sort of terrorism is provider filtering.
Perry
Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP (IMA Internet Exchange 2.02 Enterprise) id 233028F0; Sun, 8 Sep 96 12:29:51 -0500 Received: from merit.edu by usr.com (8.7.5/3.1.090690-US Robotics) id MAA17658; Mon, 9 Sep 1996 12:33:14 -0500 (CDT) Received: from localhost ([email protected]) by merit.edu (8.7.5/merit-2.0) with SMTP id NAA17064; Mon, 9 Sep 1996 13:20:33 -0400 (EDT) Received: by merit.edu (bulk_mailer v1.5); Mon, 9 Sep 1996 13:19:08 -0400 Received: (from [email protected]) by merit.edu (8.7.5/merit-2.0) id NAA16987 for nanog-outgoing; Mon, 9 Sep 1996 13:19:08 -0400 (EDT) Received: from jekyll.piermont.com (jekyll.piermont.com [206.1.51.15]) by merit.edu (8.7.5/merit-2.0) with ESMTP id NAA16982 for <[email protected]>; Mon, 9 Sep 1996 13:19:05 -0400 (EDT) Received: from localhost ([email protected]) by jekyll.piermont.com (8.7.5/8.6.12) with SMTP id NAA24855 for <[email protected]>; Mon, 9 Sep 1996 13:19:02 -0400 (EDT) Message-Id: <[email protected]> X-Authentication-Warning: jekyll.piermont.com: Host [email protected] didn't use HELO protocol To: [email protected] Subject: Re: SYN floods (was: does history repeat itself?) In-reply-to: Your message of "Mon, 09 Sep 1996 12:47:13 EDT." <[email protected]> Reply-To: [email protected] X-Reposting-Policy: redistribute only with permission Date: Mon, 09 Sep 1996 13:19:02 -0400 From: "Perry E. Metzger" <[email protected]> Sender: [email protected]
|