North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New Denial of Service Attack on Panix
> On Tue, 17 Sep 1996, Perry E. Metzger wrote: > > > Michael Dillon writes: > > > On Tue, 17 Sep 1996, Alan Hannan wrote: > > > > > > > Could we drop the SYN/Denial thread? It's becoming rather base. > > > > > > The discussion could always be moved to the firewalls list. > > > > I would suggest that it not be. This is actually a crisis that has to > > be solved by action taken by service providers working together, and > > does not involve conventional firewalls per se. I would say that it > > is therefore germane to Nanog. > > If we're voting, I'd say inet-access. SYN attacks and defense are more > centered on the ISP's than the backbones. > > --- David Miller Sigh. My feeling is that host-based solutions should be discussed on inet-access, but mentioned briefly also on nanog so that providers can note them to give pointers to their customers. And there probably is too much SYN-related traffic on nanog anyway. The plea has been made: You should - or you should encourage your customers to - filter garbage inbound to you from them or outbound from them to you. You should come up with a plan to nail the source of SYN attacks quickly if the trail leads to your network as the source. Avi - - - - - - - - - - - - - - - - -
|