[4432] in North American Network Operators' Group


Re: New Denial of Service Attack on Panix

daemon@ATHENA.MIT.EDU (Avi Freedman)
Mon Sep 16 22:06:01 1996

From: Avi Freedman <freedman@netaxs.com>
To: gherbert@crl.com (George Herbert)
Date: Mon, 16 Sep 1996 22:02:28 -0400 (EDT)
Cc: bass@cactus.silkroad.com, michael@memra.com, nanog@merit.edu,
        iepg@iepg.org, gherbert@crl.com
In-Reply-To: <199609170148.AA29708@mail.crl.com> from "George Herbert" at Sep 16, 96 06:48:12 pm

> I'm not sure it's even possible to analyze the pseudo-random shifting
> attack (among other problems, there will be legitimate traffic in the
> stream, so knowing what SYNs are bad is a pain) in anything approaching
> realtime, so yes, one of the other methods is a much better choice 8-)
> 
> -george william herbert
> gherbert@crl.com

There are other things that one might look at besides trying to analyze and
predict the pseudo-randomness in certain sequences of fields.

But I'm convinced hardening hosts and getting more providers to filter
packets with bogus source IPs is the best way to attack the problem.

Avi

