North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Denial of Service Attack on Panix

  • From: Tim Bass
  • Date: Mon Sep 16 19:49:27 1996

Kent,

> 
> Dear NANOG/IEPG Folks;
> 
> As you should know by now from reading the papers, Panix, the first ISP in
> NYC, has come under a new denial of service attack. The Wall Street Journal
> quoted Bill Cheswick to the effect that the attack is "unstoppable". Almost,
> but not quite, true.

... XXX ...

Can you explain why you just don't block the IP address of the sender
from your gateway routers.  Is the sender using different IP source
addresses in the IP packet?  Does the attacker change IP source
addresses?  Does the attacker attack the same ports?  Use random
source addresses?

This does not seem like a rocket science firewall firewall project,
based on what I have read.  Please explain what make this attack
'rocket science' to stop.     

Show me the topology, the router configurations of the gateways,
and the format of the denial-of-service attack packets and I'll
be surprised if I can't devise a scheme to stop it, even if
the attacker changes source addresses frequently (and I'm
happy to do it).

Thanks and Regards,

Tim

- - - - - - - - - - - - - - - - -