[4499] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Justin W. Newton)
Tue Sep 17 16:27:50 1996
Date: Tue, 17 Sep 1996 16:25:12 -0400
To: "Dick St.Peters" <stpeters@NetHeaven.com>,
George Herbert <gherbert@crl.com>
From: "Justin W. Newton" <justin@erols.com>
Cc: Michael Dillon <michael@memra.com>, nanog@merit.edu, iepg@iepg.org
At 02:51 PM 9/17/96 -0400, Dick St.Peters wrote:
>
>Logging denies will fill up your log anyway. Packets arriving for a
>dialup user after he/she hangs up fall through to the default route
>back out of the box. They are then _outbound_ packets with source
>address off the network and destination address on the network.
That depends how your network is setup. Ours would have the route going to
Null0, so it wouldn't be shot back out via the default route. This hides
any internal instability from being announced to the outside world except
in /extreme/ cases. (Like we fall completely off the net). Why would you
want the packet transiting back and forth across your T-1 until the TTL
expires anyway? Much better to black hole the sucker.
Justin Newton
Internet Architect
Erol's Internet Services
