North American Network Operators Group

Re: New Denial of Service Attack on Panix

  • From: Paul Ferguson
  • Date: Thu Oct 03 18:24:44 1996

At 03:08 PM 10/3/96 -0400, Tim Bass wrote:

>
>The TCP fix and possibly an ICMP fix (and more work on
>kernel hackers' part) will, I can safely predict, be the
>faster short term solution than trying to coordinate
>the world into doing filters.
>
>Random Drop is not a panacea, as you say Paul, but it
>is a very big, big step in the right direction and
>I predict that within 30 days and at the latest 60
>days (because people are busy) that the SYN attack
>will be much less 'troublesome'.
>

Hm. And how quickly do you think all of the reachable hosts in the
world are patched? I would suggest that ingress filtering is, by far,
less resource intensive, since the numbers of routers v. hosts are
much, much smaller.

In any event, I believe ingress filtering is certainly a Good Thing.

Also, what progress has been made in hardening OS's for UDP flooding?

- paul
