North American Network Operators Group

Re: New Denial of Service Attack on Panix

  • From: Tim Bass
  • Date: Mon Sep 16 20:38:13 1996

Perry,

There is no reason to be hostile to me, I'm not the attacker.

But, now that we know the problem is random IP source addresses
as guessed, the problem is more complex, but solvable.

> 
> Steve Bellovin and Bill Cheswick, who literally wrote the book on
> firewalls, don't agree with you. Ask them if you care to.

Great.  I was building firewalls before B & C wrote the book,
what should we do, bow three times and roll over and play dead?
What mantra should we chant?

> God, you're an arrogant @#$%, aren't you.

Yes, technically arrogant but not necessarily an @#$%. Just an
engineer with lots of hours of hands-on experience who
has not met many problems that were not solvable. Okay,
fusion and time travel are tough and I can't build a
Tokamak in my basement :-)

Instead of being negative, I prefer to look at the problem and
define it in detail.  How does that sound? Or shall we
just throw sticks and knives at one another and resort
to name calling?  That will certainly fix it, Perry!

-------------

An attacker sends a stream of packets to (fill in the blanks)
one host, two hosts, a subset of hosts in a network? And
the packets arrive with a frequency of ------? and the
average available bandwidth of the attack flow is -----?
and the average time each packet changes the pseudo random
IP source addresses is?

And, has an analysis been done to determine whether the bogus
IP source addresses are stochastically random?  Or, I suspect,
are the changing IP source addresses pseudo-random?

Yes, I'm arrogant and believe that given the details and
the specifications of the problem, we can solve it and yes
I believe that whining about it does little to solve the
problem or help make the IP world a better place.

I, we, can't, however, solve a problem if it is not clearly
defined.  I would be very surprised to learn that an
analysis of the 'random' IP source addresses shows the packets to be truly
stochastically random.

Is this rocket science?  Ok, maybe it is?  But nonetheless
the problem is not impossible to solve.

Sorry for the technical arrogance, but give the facts, not
the hyperbole; you don't have to write summary books
on firewalls to understand how to solve a problem.



Best Regards,

Tim


- - - - - - - - - - - - - - - - -
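
Added example, not part of the original message or thread: one way to run the analysis the message asks for, checking whether logged source addresses behave like independent random draws or like the output of a simple pseudo-random generator. All function names and both address samples are constructed for illustration; the generator uses the ANSI C sample `rand` constants as an assumed stand-in, since the thread does not say how the observed addresses were produced.

```python
import hashlib
from collections import Counter, defaultdict

def lcg_sources(n, seed=1):
    """Constructed sample: 32-bit addresses from a power-of-two LCG."""
    x, out = seed, []
    for _ in range(n):
        x = (1103515245 * x + 12345) % 2**32
        out.append(x)
    return out

def hashed_sources(n):
    """Constructed sample: addresses cut from SHA-256 of a counter,
    standing in for sources with no usable structure."""
    return [int.from_bytes(hashlib.sha256(i.to_bytes(4, "big")).digest()[:4], "big")
            for i in range(n)]

def octet_chi2(addrs, shift):
    """Chi-square statistic of one address octet against uniform (255 d.o.f.)."""
    counts = Counter((a >> shift) & 0xFF for a in addrs)
    expected = len(addrs) / 256
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def successor_spread(addrs, shift=0):
    """Mean number of distinct octet values observed immediately after each
    octet value. Independent draws give dozens; a fixed cycle gives exactly 1."""
    octets = [(a >> shift) & 0xFF for a in addrs]
    following = defaultdict(set)
    for cur, nxt in zip(octets, octets[1:]):
        following[cur].add(nxt)
    return sum(len(s) for s in following.values()) / len(following)

# Roughly a 4-sigma upper bound for chi-square with 255 degrees of freedom
# (Wilson-Hilferty approximation); values far above it mean a skewed octet.
CHI2_LIMIT = 356

def analyse(addrs):
    """Summarise frequency and serial structure of the low-order octet."""
    return {"low_octet_chi2": octet_chi2(addrs, 0),
            "low_octet_successors": successor_spread(addrs, 0)}

if __name__ == "__main__":
    for name, sample in (("lcg", lcg_sources(20000)), ("hashed", hashed_sources(20000))):
        print(name, analyse(sample))
```

The frequency test alone does not separate the two samples: the LCG's low octet is, if anything, too evenly spread, and it is the successor count of exactly 1 that exposes the deterministic cycle.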