North American Network Operators Group

Re: New Denial of Service Attack on Panix
"Forrest W. Christian" writes:
> Maybe I'm missing something here, but wouldn't these Denial of Service
> attacks cause a severe mismatch in the numbers of SYNs and SYN-ACKs on a
> given router interface?
[...]
> Then, if the ratio got too high, it can start yelping about "Potential SYN
> D-O-S Attack in progress on Interface Serial 1"
>
> In this manner "good" isp's wouldn't unknowingly carry these attacks.

I think it is easier to just block the attacks completely by source
filtering your own network, at which point you can't carry such an
attack, knowingly or unknowingly.

> I envision this being done on the somewhat bigger isp's where
> putting inbound filters on their customer interfaces would be not a
> good idea (Sprint, MCI, Net 99, etc.).

What you propose is actually much harder to build than filters are.

> Personally, I know that these attacks aren't going to originate at our
> site, as I have the filters on. However, I am quite concerned about
> getting hit with one...

Please help, then, in convincing people that it is important to turn
on filtering on all leaf networks.

Perry
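
The two approaches discussed in this message, side by side, as an added example that is not part of the original e-mail or any router's code: a per-interface SYN to SYN-ACK ratio alarm, and source filtering on the customer interface, run over the same constructed traffic. The interface names, prefixes (documentation ranges), thresholds and packet tuple format are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the prefixes assigned to the customer behind each leaf interface.
CUSTOMER_PREFIXES = {
    "Serial1": [ipaddress.ip_network("192.0.2.0/24")],
    "Serial2": [ipaddress.ip_network("198.51.100.0/24")],
}
RATIO_THRESHOLD = 3.0  # assumed: SYNs per SYN-ACK before alarming
MIN_SYNS = 10          # assumed: ignore interfaces with too few SYNs to judge

def source_allowed(iface, src):
    """Source filter: accept a packet from a customer interface only if its
    source address lies inside a prefix assigned to that customer."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CUSTOMER_PREFIXES.get(iface, []))

def syn_ratio_alarms(packets, filtering):
    """Return interfaces whose SYN (from customer) to SYN-ACK (to customer)
    ratio exceeds the threshold. With filtering=True, packets with a source
    outside the customer's prefixes are dropped before being counted."""
    syns, synacks = Counter(), Counter()
    for iface, direction, src, flags in packets:
        if filtering and direction == "in" and not source_allowed(iface, src):
            continue  # dropped at the edge, never forwarded
        if direction == "in" and flags == "S":
            syns[iface] += 1
        elif direction == "out" and flags == "SA":
            synacks[iface] += 1
    return sorted(i for i, n in syns.items()
                  if n >= MIN_SYNS and n / max(synacks[i], 1) > RATIO_THRESHOLD)

def sample_packets():
    """Constructed traffic: (interface, direction, source address, TCP flags)."""
    pkts = []
    for _ in range(5):   # legitimate handshakes on Serial1
        pkts.append(("Serial1", "in", "192.0.2.10", "S"))
        pkts.append(("Serial1", "out", "198.51.100.7", "SA"))
    for i in range(40):  # SYNs with forged sources; replies never return here
        pkts.append(("Serial1", "in", f"203.0.113.{i + 1}", "S"))
    for _ in range(8):   # legitimate handshakes on Serial2
        pkts.append(("Serial2", "in", "198.51.100.20", "S"))
        pkts.append(("Serial2", "out", "192.0.2.10", "SA"))
    return pkts

if __name__ == "__main__":
    print("alarms without filtering:", syn_ratio_alarms(sample_packets(), False))
    print("alarms with filtering:   ", syn_ratio_alarms(sample_packets(), True))
```

Without the filter the ratio check can only report traffic that has already been forwarded; with the filter the forged SYNs never leave the leaf network, so nothing remains to alarm on.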