North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Denial of service attacks apparently from UUNET Netblocks

  • From: Barney Wolff
  • Date: Tue Oct 07 12:56:58 1997

> Date: Tue, 7 Oct 1997 12:04:27 -0400 (EDT)
> From: Alex Przekupowski <[email protected]>
> On the MAX's that I have set up, I log that info to syslog (Local 7), and
> can pull it up at will.  If you need a hand, just let me know.  By
> combining the syslog output, and the RADIUS accounting logs, we can
> definately prove at least the home address of the attacker.

How are you providing source address assurance, on either a MAX or a TNT?
My understanding, which may well be flawed, is that the only way is with
a filter.  I have heard claims, which may also be flawed, that filters
have a severe performance impact on MAX and TNT.

Without source address assurance, how do you know that the packets are
actually coming from the user who was assigned that address at that time?

Barney Wolff  <[email protected]>