North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Denial of Service Attack on Panix

  • From: Dima Volodin
  • Date: Thu Oct 03 09:28:45 1996

And if everyone doesn't make any attacks we won't have any problems
either. To rephrase - relying on ingress filtering is putting your
security in someone other's hands, doing host-based stuff is protecting
yourself with your own hands. To rephrase once again - doing ingress
filtering is "being conservative with what you produce", being able to
cope with SYN floods on the host level is "being liberal on what you
accept." We need both, and overemphasising one side of the solution will
do a lot of harm.


Dima

Paul Ferguson writes:
> 
> Well, that's true, but it's a different facet of the same problem.
> The draft only attempts to solve what it is that we can solve be
> ingress filtering. Solutions using firewalls or proxy devices which
> defat this type of attack are a Good Thing, but if everyone does
> ingress filtering, a large percentage of this problem disappear.
> 
> - paul
> 
> >Thus host-(and firewall-)based solutions are at least as important as
> >the ingress filtering.
> >
> >As of the evidence of these attacks - they were evident long before the
> >current talking.
> >
> >Dima
> 
> 

- - - - - - - - - - - - - - - - -