|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN floods continueg
> On Wed, 11 Sep 1996, Alexis Rosen wrote: > > > Anyway. Point is this: We can't take too much more of this, nor can our > > customers. I have yet to hear *anyone* come up with any ideas even remotely > > reasonable for how to deal with this situation, long term, except for the > > filtering that Avi, Perry, and I have been promoting these last few days. > > > > Whether or not existing equipment can handle the job is *IRRELEVANT*. If > > it won't, new equipment must be bought. The net won't survive without it. > > Did you ever track down the source of the attacks? If not, why not? > > Michael Dillon - ISP & Internet Consulting Without saying too much, I think I can say tat the attacks did go on for hours a few times, but stopped before too much tracing could be done. Initially I thought Panix was being attacked by a random attacker; Voicenet in Philadelphia was attacked for almost a day on their mail ports, and another provider in Philly was attacked for 4-6 hours on news ports (pretty ineffective). But Panix has been attacked a few times now. I've actually got a kernel built for sun4c that is pretty good/resistant, but only to the attacks I can *think of*. I and panix are trying to get it working on sun4m. Bottom line, it would be good if everyone who could would filter incoming on customers or outgoing on borders. While you're at it, if your network is relatively simple (compared to, say, MCI's or UUNET's or Sprint's), you might want to filter incoming on borders at exchange points to prevent others from using you for transit. Avi - - - - - - - - - - - - - - - - -
|