North American Network Operators Group

Re: New Denial of Service Attack on Panix
Ken,

I think that you are right on target here. I was thinking that a good way to get the word out to the .edu community might be for someone to deliver a paper on this problem (SYN flood and other source spoofed attacks) at the upcoming LISA. Any takers?

Joel

On Tue, 17 Sep 1996, Ken Lindahl wrote:

> hi,
>
> On Tue, 17 Sep 1996, Rob Skrobola <[email protected]> wrote:
> >On topic: Most of the discussion has been about stopping these general
> >kinds of attacks from dial-up providers, ISP's. I've not heard much
> >about what seems to be the other major source of potential problems,
> >namely universities and schools.. They seem to provide a somewhat more
> >involved challenge in the effort to source filter outbound packets.
>
> good point. in the incidents i've seen here at uc berkeley, about half
> were sourced from dial-up providers and about half from other universities.
> however, in the majority of the cases, the source host appeared to be a
> compromised host, that is, the real perpetrator was actually somewhere
> else.
>
> at least in the university environment, i think you would find that most
> universities have a central networking group that would be interested in
> doing the "right thing," given adequate education and resources. for the
> record, i've been filtering inbound and outbound at uc berkeley since
> early march 95.
>
> > ... So it has to happen closer to the
> >source.
>
> works better closer to the source too: the northern uc campuses are
> working toward utilizing a single ds3 into an isp. if the filtering were
> done at the isp's interface, the filter would have to permit any packet
> with a source ip address from any of the 5 northern campuses. whereas my
> filters permit only uc berkeley source ip addresses. i also use some
> strategically located filters in uc berkeley's interior as well.
>
> > ... It would be interesting to hear an opinion from some networking
> >folks at the regionals or at campuses about whether this kind of
> >filtering can or will be done...
>
> again, i think educating the local networking groups is a key issue.
> in uc berkeley's case, kevin mitnick provided the education :-} as well
> as the opportunity to squeeze extra $$$ out of the university administration
> for a border router capable of handling the filtering.
>
> ken
> ----------------------------------------------------------------------------
> Ken Lindahl lind[email protected]
> Data Communication & Networking Services +1-510-642-0866
> University of California, Berkeley http://ack.berkeley.edu/~lindahl
> ----------------------------------------------------------------------------
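The placement argument in the quoted message (a filter at the ISP interface has to permit every campus behind the shared link, while a campus border filter permits only its own prefixes) can be checked with a small model. This is an added example, not part of the original thread; the campus names, prefixes and sample source addresses are constructed for illustration and are not real assignments.

```python
import ipaddress

# Constructed prefixes (private address space) standing in for five campuses
# that share one uplink to an ISP; none of these are real assignments.
CAMPUS_PREFIXES = {
    "campus-a": ["10.1.0.0/16"],
    "campus-b": ["10.2.0.0/16"],
    "campus-c": ["10.3.0.0/16"],
    "campus-d": ["10.4.0.0/16"],
    "campus-e": ["10.5.0.0/16"],
}

def networks(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def egress_permits(src, allowed):
    """Return True if the packet's source address falls inside an allowed prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    return any(addr in net for net in allowed)

def audit(packets, origin_campus):
    """Compare the two filter placements for packets leaving origin_campus.

    Returns (source, passes_campus_border, passes_isp_interface) per packet.
    """
    campus_filter = networks(CAMPUS_PREFIXES[origin_campus])
    # The filter at the ISP interface must permit every campus behind the link.
    isp_filter = networks(p for ps in CAMPUS_PREFIXES.values() for p in ps)
    return [(src, egress_permits(src, campus_filter), egress_permits(src, isp_filter))
            for src in packets]

# Constructed source addresses seen on packets leaving campus-a.
SAMPLE_SOURCES = [
    "10.1.20.5",      # legitimate campus-a host
    "10.3.7.9",       # spoofed: belongs to sibling campus-c
    "198.51.100.23",  # spoofed: outside all five campuses (documentation range)
    "not-an-ip",      # malformed
]

if __name__ == "__main__":
    for src, at_campus, at_isp in audit(SAMPLE_SOURCES, "campus-a"):
        print(f"{src:15} campus border: {'permit' if at_campus else 'deny':6} "
              f"ISP interface: {'permit' if at_isp else 'deny'}")
```

The second sample is the case the message describes: a source address borrowed from a sibling campus passes the aggregate filter at the ISP interface but is dropped at the originating campus border.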