[4475] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Avi Freedman)
Tue Sep 17 11:32:33 1996
From: Avi Freedman <freedman@netaxs.com>
To: david@sparks.net (David Miller)
Date: Tue, 17 Sep 1996 11:28:59 -0400 (EDT)
Cc: perry@piermont.com, michael@memra.com, nanog@merit.edu
In-Reply-To: <Pine.BSI.3.91.960917105713.2491D-100000@sparks.net> from "David Miller" at Sep 17, 96 10:58:28 am
> On Tue, 17 Sep 1996, Perry E. Metzger wrote:
>
> > Michael Dillon writes:
> > > On Tue, 17 Sep 1996, Alan Hannan wrote:
> > >
> > > > Could we drop the SYN/Denial thread? It's becoming rather base.
> > >
> > > The discussion could always be moved to the firewalls list.
> >
> > I would suggest that it not be. This is actually a crisis that has to
> > be solved by action taken by service providers working together, and
> > does not involve conventional firewalls per se. I would say that it
> > is therefore germane to Nanog.
>
> If we're voting, I'd say inet-access. SYN attacks and defense are more
> centered on the ISP's than the backbones.
>
> --- David Miller
Sigh. My feeling is that host-based solutions should be discussed
on inet-access, but mentioned briefly also on nanog so that providers
can note them to give pointers to their customers.
And there probably is too much SYN-related traffic on nanog anyway.
The plea has been made: You should - or you should encourage your
customers to - filter garbage inbound to you from them or outbound from
them to you. You should come up with a plan to nail the source of
SYN attacks quickly if the trail leads to your network as the source.
Avi
