North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Denial of Service Attack on Panix

  • From: Dan Ellis
  • Date: Wed Sep 18 12:40:14 1996

We too have recently gotten hit with these wonderful syn attacks,  until
router logging (or whatever means we develop to trace these packets is
developed) I think there are only 2 resolutions

1) filter incoming ip's, at least on dial-ups and on non-border (or
non-core) routers for ip-spoofing. (Do not allow ip's that should not
originate over this port(s) to be passed), this will allow ISP's to stop
their users from originating these floods. 
2) Fix the OS's to not be as susceptible to SYN floods.  This will
eventually make the hackers board and the problem will slowely disappear.
(well, maybe)

--Dan Ellis
  MIS 

On Wed, 18 Sep 1996, Kent W. England wrote:

> 
> It seems to me after reading Curtis' summary that servers can be modified
> to make the SYN flooding attacks much more difficult to accomplish. Perhaps
> enough so that source address filtering doesn't have the urgency of 
> implementation and coordination that I thought before reading Curtis' note.
> 
> --Kent

~..............................................................................
--Daniel Ellis
 Director of Engineering / Chief Engineer, MicroServe Information Systems Inc.

		"The only way to predict the future is to invent it."
                      --Alan Kay

- - - - - - - - - - - - - - - - -