North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New Denial of Service Attack on Panix
I would personally like to see this topic added as an agenda item at the upcoming Ann Arbor NANOG meeting. At least a brief discussion of conventional wisdom (filter on valid source prefixes at periphery, etc.) should be in order. - paul At 04:14 PM 9/16/96 -0700, Kent W. England wrote: >Dear NANOG/IEPG Folks; > >As you should know by now from reading the papers, Panix, the first ISP in >NYC, has come under a new denial of service attack. The Wall Street Journal >quoted Bill Cheswick to the effect that the attack is "unstoppable". Almost, >but not quite, true. > >It's true that there isn't anything that Panix can do on its own to stop >this attack. It's true that it would be hard to verify source addresses at >MAEs and NAPs. But we could all verify source addresses at the first hop >entry points. And get default route and unauthorized transit protection to boot. > >I'd like to know what the community thinks can be done to deal with an >escalation of these attacks should this occur. Are you doing any source >address verification now? Are you doing anything to help Panix? Could you? > >How seriously do you take this threat? If Panix were to go out of business >and Bob Metcalfe wrote a column on it, ( :-) do you think we would have to >deal with it together then, or can we sit tight and expect it to blow over? >After all, it's easy to dump chemicals in the reservoir, but we still drink >the water, right? > >Thanks. > >--Kent > > >~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~ >Kent W. England Six Sigma Networks >1655 Landquist Drive, Suite 100 Voice/Fax: 619.632.8400 >Encinitas, CA 92024 [email protected] >Experienced Internet Consulting ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~ > > > - - - - - - - - - - - - - - - - -
|