[4464] in North American Network Operators' Group

Re: New Denial of Service Attack on Panix

daemon@ATHENA.MIT.EDU (Erik E. Fair" (Time Keeper))
Tue Sep 17 07:33:59 1996

In-Reply-To: <Pine.LNX.3.91.960917030857.17180B-100000@IMgate.iMach.com>
Date: Tue, 17 Sep 1996 04:30:40 -0700
To: "Forrest W. Christian" <forrestc@iMach.com>
From: "Erik E. Fair" (Time Keeper) <fair@clock.org>
Cc: nanog@merit.edu, iepg@iepg.org

Your suggestion has two flaws:

1. missed SYN ACKs due to asymmetric routing.

2. missed SYN ACKs due to diode routes.

One could argue, of course, that notification of this condition (without
speculating on whether the condition is any of an asymmetric route, a diode
route, or a SYN attack) might be worthwhile...

I'm gonna have to go digging in my archives for the messages I sent to the
CERT and the IETF about this potential problem after it happened to me at
Apple, three years ago, due to a diode route. I publicly recommended to
the IETF mailing list that the edges of the network be filtered, and I
privately recommended to the CERT that they begin flogging the systems
vendors for robustness in the face of precisely this denial of service
attack in their hosts. You can imagine the incredible levels of
enthusiastic "can do" attitude I got...

	Erik Fair


