North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Denial of Service Attack on Panix

  • From: Ken Lindahl
  • Date: Tue Sep 17 12:46:16 1996

hi,

On Tue, 17 Sep 1996, Rob Skrobola <[email protected]> wrote:
>On topic: Most of the discussion has been about stopping these general
>kinds of attacks from dial-up providers, ISP's. I've not heard much
>about what seems to be the other major source of potential problems,
>namely universities and schools.. They seem to provide a somewhat more
>involved challenge in the effort to source filter outbound packets. 

good point. in the incidents i've seen here at uc berkeley, about half
were sourced from dial-up providers and about half from other universities.
however, in the majority of the cases, the source host appeared to be a
compromised host, that is, the real perpetrator was actually somewhere
else.

at least in the university environment, i think you would find that most
universities have a central networking group that would be interested in
doing the "right thing," given adequate education and resources. for the
record, i've been filtering inbound and outbound at uc berkeley since
early march 95.

>                            ... So it has to happen closer to the
>source.

works better closer to the source too: the northern uc campuses are
working toward utilizing a single ds3 into an isp. if the filtering were
done at the isp's interface, the filter would have to permit any packet
with a source ip address from any of the 5 northern campus. whereas my
filters permit only uc berkeley source ip addresses. i also use some
strategically located filters in uc berkeley's interior as well.

>    ... It would be interesting to hear an opinion from some networking
>folks at the regionals or at campuses about whether this kind of
>filtering can or will be done...

again, i think educating the local networking groups is a key issue.
in uc berkeley's case, kevin mitnick provided the education :-} as well
as the opportunity to squeeze extra $$$ out of the university administration
for a border router capable of handling the filtering.

ken
----------------------------------------------------------------------------
Ken Lindahl                                 [email protected]
Data Communication & Newtorking Services    +1-510-642-0866
University of California, Berkeley          http://ack.berkeley.edu/~lindahl
----------------------------------------------------------------------------
- - - - - - - - - - - - - - - - -