[4435] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Sep 16 22:17:36 1996
To: "David J. Schmidt" <davids@on-ramp.ior.com>
cc: kwe@6sigmanets.com, nanog@merit.edu, iepg@iepg.org
In-reply-to: Your message of "Mon, 16 Sep 1996 18:41:27 PDT."
Reply-To: perry@piermont.com
Date: Mon, 16 Sep 1996 22:13:55 -0400
From: "Perry E. Metzger" <perry@piermont.com>
"David J. Schmidt" writes:
> How likely is Panix to go under from this? Admittedly incomming
> connections are seriously effected, but if Panix were to filter out
> incoming SYN's at their entry points could their customers still do
> outbound browsing?
Panix makes a considerable fraction of their income from web hosting,
which is an incoming operation. Luckily, the situation was palliated
by hardening the system kernels and also the attacks have subsided,
possibly because they were no longer particularly effective.
> Bottom line, exactly how is this attack effecting Panix servers and
> what are they able to do to at least operate in a degraded fashion
> during these attacks? What could *I* do if my site were attacked?
Right now? If you don't have system source to your kernels I would say
you are hosed. I would suggest trying to work to get lots of ISPs to
filter outgoing packets. Its the surest defense for
everyone. Additionally, if you do have sources to your kernel there
may be fixes that can be made in advance of vendors announcing
BTW, if anyone is actually being attacked right now, please get in
touch with me.