[4225] in North American Network Operators' Group
Re: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Dima Volodin)
Mon Sep 9 14:33:16 1996
To: michael@memra.com (Michael Dillon)
Date: Mon, 9 Sep 1996 14:29:00 -0400 (EDT)
Cc: nanog@merit.edu
In-Reply-To: <Pine.BSI.3.93.960909111107.23597I-100000@sidhe.memra.com> from "Michael Dillon" at Sep 9, 96 11:13:28 am
From: dvv@sprint.net (Dima Volodin)
And let's stop fooling ourselves with all those firewalls and other
security toys - what we really need is cooperation among ISPs and world
peace.
Cheers
Dima
Michael Dillon writes:
>
> On Mon, 9 Sep 1996, Perry E. Metzger wrote:
>
> > PANIX, a large public access provider in New York, was badly hit with
> > SYN flood attacks from random source addresses over the last few
> > days. It nearly wrecked them.
> >
> > I think its time for the larger providers to start filtering packets
> > coming from customers so that they only accept packets with the
> > customer's network number on it.
>
> I disagree. A better way to do this would be for providers to cooperate to
> track down the people who are doing it and make sure to flood the media
> with press releases when the culprits are arrested. If the cracker
> wannabe's realize that source-spoofed SYN attacks can still be quickly
> traced, they will stop doing it.
>
> And the cooperation would do the net some good; maybe lead to more
> cooperation down the line.
>
> Michael Dillon - ISP & Internet Consulting
> Memra Software Inc. - Fax: +1-604-546-3049
> http://www.memra.com - E-mail: michael@memra.com
>
>
