[4244] in North American Network Operators' Group

Re: SYN floods (was: does history repeat itself?)

daemon@ATHENA.MIT.EDU (Avi Freedman)
Mon Sep 9 21:09:51 1996

From: Avi Freedman <freedman@netaxs.com>
To: stpeters@netheaven.com (Dick St.Peters)
Date: Mon, 9 Sep 1996 21:08:20 -0400 (EDT)
Cc: nanog@merit.edu
In-Reply-To: <199609100034.UAA04936@saint.heaven.net> from "Dick St.Peters" at Sep 9, 96 08:34:49 pm

> > So, what does this say?  Look for more 13-year-olds causing
> > denial-of-service attacks for the hell of it.  It seems a lot of the
> > providers SYN flooders like to attack are the ones which have IRC servers,
> > but the flooders attack the more traditional services of those providers,
> > too.
> 
> My outbound filter blocks packets not from an address in my space.  Am
> I wrong in thinking this is the right thing for non-transit networks
> to do?
> 
> Dick St.Peters,       Gatekeeper, Pearly Gateway, Ballston Spa, NY

This is *exactly* the right thing to do; every provider which does
not provide complicated transit (which excludes even certain regionals,
alas) should do this at their borders if they don't do it at each customer
connect.

And everyone should at least filter on each customer 56k/t1/etc...
I know router cycles are tight but it might *really* become
imperative...

Avi
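
The two filter placements discussed in this message (one outbound filter at the border, and a filter on each customer connection), sketched as an added example that is not part of the original post. The prefixes are documentation ranges, and the port names, function names and packets are constructed for illustration.

```python
import ipaddress

# Constructed topology using documentation prefixes; names are hypothetical.
PROVIDER_SPACE = [ipaddress.ip_network("198.51.100.0/24")]
CUSTOMER_PORTS = {
    "cust-a-56k": [ipaddress.ip_network("198.51.100.0/28")],
    "cust-b-t1": [ipaddress.ip_network("198.51.100.64/26")],
}

def _in_any(src, prefixes):
    """True if src is a valid address inside one of the prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is never "ours"
    return any(addr.version == p.version and addr in p for p in prefixes)

def border_permits(src):
    """Border outbound filter: only sources inside the provider's space."""
    return _in_any(src, PROVIDER_SPACE)

def customer_port_permits(port, src):
    """Per-customer filter: only sources assigned to that customer port."""
    return _in_any(src, CUSTOMER_PORTS.get(port, []))

def verdict(port, src, per_customer=True):
    """Where a packet arriving on `port` is dropped, or 'forwarded'."""
    if per_customer and not customer_port_permits(port, src):
        return "dropped at customer port"
    if not border_permits(src):
        return "dropped at border"
    return "forwarded"

# Constructed packets: (ingress port, claimed source address).
PACKETS = [
    ("cust-a-56k", "198.51.100.5"),   # legitimate
    ("cust-a-56k", "203.0.113.77"),   # spoofed, outside provider space
    ("cust-a-56k", "198.51.100.70"),  # spoofed, belongs to cust-b-t1
]

if __name__ == "__main__":
    for port, src in PACKETS:
        print(f"{port:11} {src:15} border only: {verdict(port, src, False):18} "
              f"both: {verdict(port, src)}")
```

The third packet is the case a border-only filter lets through: the claimed source is inside the provider's space but assigned to a different customer, so only the per-customer filter drops it.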

