North American Network Operators Group


Re: New Denial of Service Attack on Panix

  • From: Joel Gallun
  • Date: Tue Sep 17 13:31:53 1996

Ken,

I think that you are right on target here. I was thinking that a good way
to get the word out to the .edu community might be for someone to deliver
a paper on this problem (SYN flood and other source spoofed attacks) at
the upcoming LISA. 

Any takers? 

Joel


On Tue, 17 Sep 1996, Ken Lindahl wrote:

> hi,
> 
> On Tue, 17 Sep 1996, Rob Skrobola <[email protected]> wrote:
> >On topic: Most of the discussion has been about stopping these general
> >kinds of attacks from dial-up providers, ISP's. I've not heard much
> >about what seems to be the other major source of potential problems,
> >namely universities and schools.. They seem to provide a somewhat more
> >involved challenge in the effort to source filter outbound packets. 
> 
> good point. in the incidents i've seen here at uc berkeley, about half
> were sourced from dial-up providers and about half from other universities.
> however, in the majority of the cases, the source host appeared to be a
> compromised host, that is, the real perpetrator was actually somewhere
> else.
> 
> at least in the university environment, i think you would find that most
> universities have a central networking group that would be interested in
> doing the "right thing," given adequate education and resources. for the
> record, i've been filtering inbound and outbound at uc berkeley since
> early march 95.
> 
> >                            ... So it has to happen closer to the
> >source.
> 
> works better closer to the source too: the northern uc campuses are
> working toward utilizing a single ds3 into an isp. if the filtering were
> done at the isp's interface, the filter would have to permit any packet
> with a source ip address from any of the 5 northern campuses. whereas my
> filters permit only uc berkeley source ip addresses. i also use some
> strategically located filters in uc berkeley's interior as well.
> 
> >    ... It would be interesting to hear an opinion from some networking
> >folks at the regionals or at campuses about whether this kind of
> >filtering can or will be done...
> 
> again, i think educating the local networking groups is a key issue.
> in uc berkeley's case, kevin mitnick provided the education :-} as well
> as the opportunity to squeeze extra $$$ out of the university administration
> for a border router capable of handling the filtering.
> 
> ken
> ----------------------------------------------------------------------------
> Ken Lindahl                                 lind[email protected]
> Data Communication & Networking Services    +1-510-642-0866
> University of California, Berkeley          http://ack.berkeley.edu/~lindahl
> ----------------------------------------------------------------------------
> 
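
Added example, not part of the original thread: a small model of the point quoted above that source filtering is tighter at the campus border than at the ISP side of a shared link. The five /16 prefixes, the campus names and the sample packets are constructed for illustration and are not real campus allocations.

```python
import ipaddress

# Constructed prefixes standing in for five campuses behind one shared ISP link.
CAMPUSES = {
    f"campus-{i}": ipaddress.ip_network(f"10.{i}.0.0/16") for i in range(1, 6)
}

def permitted(src, allowed):
    """True if the packet's source address falls inside any allowed prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed)

def border_filter(campus, src):
    """Egress filter on the campus's own border router: its prefix only."""
    return permitted(src, [CAMPUSES[campus]])

def isp_filter(src):
    """Filter on the ISP side of the shared link: must permit all five prefixes."""
    return permitted(src, CAMPUSES.values())

def forgeable_addresses(campus, allowed):
    """Count foreign addresses a host in `campus` could forge and still pass."""
    own = CAMPUSES[campus]
    return sum(net.num_addresses for net in allowed if net != own)

# Constructed packets: (campus the host really sits in, source address claimed).
PACKETS = [
    ("campus-1", "10.1.20.7"),    # legitimate source
    ("campus-1", "10.3.0.9"),     # forged: another campus's address
    ("campus-1", "203.0.113.5"),  # forged: unrelated address
]

def evaluate(packets):
    """Return (campus, src, passes border filter, passes ISP filter) per packet."""
    return [(c, s, border_filter(c, s), isp_filter(s)) for c, s in packets]

if __name__ == "__main__":
    for campus, src, at_border, at_isp in evaluate(PACKETS):
        print(f"{campus} src={src:<12} "
              f"border={'permit' if at_border else 'drop':<6} "
              f"isp={'permit' if at_isp else 'drop'}")
    print("forgeable past ISP filter:",
          forgeable_addresses("campus-1", CAMPUSES.values()))
    print("forgeable past border filter:",
          forgeable_addresses("campus-1", [CAMPUSES["campus-1"]]))
```

The second packet is the case the aggregate filter cannot catch: it is dropped at the campus border but permitted at the ISP interface.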

