[4284] in North American Network Operators' Group
Re: SYN floods continue
daemon@ATHENA.MIT.EDU (Robert Bowman)
Wed Sep 11 06:30:34 1996
From: Robert Bowman <rob@elite.exodus.net>
To: alexis@panix.com (Alexis Rosen)
Date: Wed, 11 Sep 1996 03:24:26 -0700 (PDT)
Cc: nanog@merit.edu
In-Reply-To: <199609110958.FAA16558@panix.com> from "Alexis Rosen" at Sep 11, 96 05:58:02 am
I must say that I agree about the SYN floods being a huge problem. A lot
of our customers are getting "attacked" as well as possibly some of our
machines.
While I despise the "death of the net" phrase, I agree something must be
done. But a few filters in a few core routers in a few small ISPs will have
a null effect on the situation.
Until this problem becomes gigantic enough that it affects large networks
such as MCI, Sprint, UUNet, etc. I don't predict much will be done.
So I presume the best we can hope for is that.. and this may sound a bit
nasty.. that the bigger networks start getting attacked. That is the only
way there will be a call to arms.
Rob
Exodus Communications Inc.
> We got hit again tonight. This time on seven different machines- three
> mail hosts, two news machines, our web site, and VTW's web site (we
> provide all service for VTW).
>
> I am simply amazed that anyone would attack VTW. Even the shmuck who's
> attacking us benefits from VTW's work. Why would anyone attack them?
>
> Anyway. Point is this: We can't take too much more of this, nor can our
> customers. I have yet to hear *anyone* come up with any ideas even remotely
> reasonable for how to deal with this situation, long term, except for the
> filtering that Avi, Perry, and I have been promoting these last few days.
>
> Whether or not existing equipment can handle the job is *IRRELEVANT*. If
> it won't, new equipment must be bought. The net won't survive without it.
>
> (And yes, I've been hearing "death of the net" predictions for longer than
> most readers of this list have been on the net. This could really be it.)
>
> /a
>
