[4140] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (Racer X)
Thu Aug 22 03:15:00 1996
Date: Thu, 22 Aug 1996 00:25:22 -0400 (EDT)
From: Racer X <shagboy@wspice.com>
Reply-To: shagboy@bluesky.net
To: Alan Cox <alan@cymru.net>
cc: Lefty <lefty@sliderule.geek.org.uk>, alan@cymru.net, nelson@crynwr.com,
linux-net@vger.rutgers.edu
In-Reply-To: <199608201545.QAA08566@snowcrash.cymru.net>
On Tue, 20 Aug 1996, Alan Cox wrote:
> Its up to ISP's to filter addresses coming FROM their network which are
> not their own addresses. I would dearly like the big providers to write
> that into their acceptable use policy as a requirement. These problems
> have to be stopped _at_source_, and the random clueless provider is a
> hazard to all otherwise. We don't allow people to run telephone companies
> without showing some degree of sense so they wont upset the existing
> infrastructure, so why do we allow ISP's to get away with it to the bad
> suffering of other ISPs ?
That doesn't do too much good with a big provider (Netcom, PSI, TIAC, et al)
who have lots of IP's (TIAC even has its own class B). I say again, I think
it's up to the individual ISP to watch out for themselves - if they are
getting SYN-flooded, make a few phone calls or send a nasty letter to the
attacker's provider. Or, better yet, put a little extra code into inetd or
tcpd that is smart enough to watch out for this kind of attack.
Although I agree that ISP's SHOULD filter the outbound packets, I doubt
many of them are doing so or plan to anytime soon, so I don't think that
holding the attacker's provider liable is going to solve any problems.
The attacker can always find another provider.
shag
Judd Bourgeois | When we are planning for posterity,
shagboy@bluesky.net | we ought to remember that virtue is
Finger for PGP key | not hereditary. Thomas Paine
