|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Re[2]: SYN floods (was: does history repeat itself?)
In message <[email protected]>, Pat Calhoun writes: > This is a Mime message, which your current mail reader > may not understand. Parts of the message will appear as > text. To process the remainder, you will need to use a Mime > compatible mail reader. Contact your vendor for details. > > --IMA.Boundary.388702248 > Content-Type: text/plain; charset=US-ASCII > Content-Transfer-Encoding: 7bit > Content-Description: cc:Mail note part > > Perry, > > This is actually quite simple to implement on Dial Access Routers, > and obviously this is the best place to add the filtering. > > > Pat R. Calhoun e-mail: [email protected] > Project Engineer - Lan Access R&D phone: (847) 933-5181 > US Robotics Access Corp. I agree with you completely -- sort of. Only problem is there are thought to be some 3,000 dial access providers. Many of them barely know what a TCP SYN is, let alone why they need to block ones with random source addresses and how. Unless of course you are volunteering to explain it and help them. Thanks in advance. :-) Curtis > ______________________________ Reply Separator ______________________________ > ___ > Subject: Re: SYN floods (was: does history repeat itself?) > Author: "Perry E. Metzger" <[email protected]> at Internet > Date: 9/9/96 1:19 PM > > > > Re: SYN floods > > PANIX, a large public access provider in New York, was badly hit with > SYN flood attacks from random source addresses over the last few > days. It nearly wrecked them. > > I think its time for the larger providers to start filtering packets > coming from customers so that they only accept packets with the > customer's network number on it. > > Yes, its a load on routers. Yes, its nasty for the mobile IP weenies. > Unfortunately, the only known way to stop this. Many TCPs go belly up > as soon as they get SYN flooded -- its a defect in the protocol > design, and other than Karn style anti-clogging tokens ("cookies") > being put into a TCP++ and mass implemented worldwide soon, the only > reasonable way to stop this sort of terrorism is provider filtering. > > Perry > --IMA.Boundary.388702248 > Content-Type: text/plain; charset=US-ASCII; name="RFC822 message headers" > Content-Transfer-Encoding: 7bit > Content-Description: cc:Mail note part > Content-Disposition: attachment; filename="RFC822 message headers" > > Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP > (IMA Internet Exchange 2.02 Enterprise) id 233028F0; Sun, 8 Sep 96 12:29:51 > -0500 > Received: from merit.edu by usr.com (8.7.5/3.1.090690-US Robotics) > id MAA17658; Mon, 9 Sep 1996 12:33:14 -0500 (CDT) > Received: from localhost ([email protected]) by merit.edu (8.7.5/merit-2.0) wi > th > SMTP id NAA17064; Mon, 9 Sep 1996 13:20:33 -0400 (EDT) > Received: by merit.edu (bulk_mailer v1.5); Mon, 9 Sep 1996 13:19:08 -0400 > Received: (from [email protected]) by merit.edu (8.7.5/merit-2.0) id NAA16987 > for > nanog-outgoing; Mon, 9 Sep 1996 13:19:08 -0400 (EDT) > Received: from jekyll.piermont.com (jekyll.piermont.com [206.1.51.15]) by > merit.edu (8.7.5/merit-2.0) with ESMTP id NAA16982 for <[email protected]>; Mon > , 9 > Sep 1996 13:19:05 -0400 (EDT) > Received: from localhost ([email protected]) by jekyll.piermont.com (8.7.5/8.6. > 12) > with SMTP id NAA24855 for <[email protected]>; Mon, 9 Sep 1996 13:19:02 -0400 > (EDT) > Message-Id: <[email protected]> > X-Authentication-Warning: jekyll.piermont.com: Host [email protected] didn't us > e > HELO protocol > To: [email protected] > Subject: Re: SYN floods (was: does history repeat itself?) > In-reply-to: Your message of "Mon, 09 Sep 1996 12:47:13 EDT." > <[email protected]> > Reply-To: [email protected] > X-Reposting-Policy: redistribute only with permission > Date: Mon, 09 Sep 1996 13:19:02 -0400 > From: "Perry E. Metzger" <[email protected]> > Sender: [email protected] > --IMA.Boundary.388702248-- - - - - - - - - - - - - - - - - -
|