[4956] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Tim Bass)
Thu Oct 3 11:29:28 1996
From: Tim Bass <bass@linux.silkroad.com>
To: mo@UU.NET (Mike O'Dell)
Date: Thu, 3 Oct 1996 11:22:27 -0400 (EDT)
Cc: bass@cactus.silkroad.com, nanog@merit.edu, iepg@iepg.org
In-Reply-To: <QQbjvn07875.199610031447@rodan.UU.NET> from "Mike O'Dell" at Oct 3, 96 10:47:10 am
>
> Vern Schriver at SGI has been running experiments and
> the conclusions are pretty compelling.
>
Yes, I have been looking for 'another approach' other than random
drop, just as an alternative. But, since ICMP/IP seems to be
broken, using ICMP UNREACHABLE error messages does not work.
I agree that random drop is the 'best current idea' (BCI :-).
However, I think it is prudent to look at other possible
approaches as well. This is what I have been doing in the lab:
looking to see if any other practical alternatives exist
at the kernel implementation of TCP/IP.
My efforts in the lab do not imply that random drop
is not a good idea. On the contrary, the
more I look for an alternative solution, the better
random drop appears.
However, it is interesting to see if another kernel
mod would work as well... I do worry about
the limitation of the queue drop algorithm based
on queue size and delay.
FYI: I implemented 'someone's' version of random drop
on my servers (using their patch) and the servers
all crashed (when the attack was fast and hard on
the same subnet). There is a lot of work to be
done.
Thanks,
Tim
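As an added illustration, not part of Tim's message or any patch from the thread, here is a small simulation of a listener's half-open connection table under a SYN flood, comparing the classic behaviour (refuse a new SYN when the table is full) with the random-drop policy under discussion. The table capacity, flood rate, client arrival rate and round-trip delay are constructed values; varying capacity and rtt shows the queue-size and delay limitation the message worries about, since a legitimate entry only survives if its ACK arrives before the flood evicts it.

```python
import random

class SynBacklog:
    """Half-open (SYN_RECEIVED) connection table for one listening socket.

    policy 'tail'   : a SYN arriving at a full table is refused (classic behaviour).
    policy 'random' : a SYN arriving at a full table evicts one random half-open
                      entry, the 'random drop' idea discussed in the thread.
    """
    def __init__(self, capacity, policy, rng):
        self.capacity, self.policy, self.rng = capacity, policy, rng
        self.entries = {}      # key -> True for a legitimate client, False for flood traffic
        self.completed = 0     # handshakes finished by the third-packet ACK
        self.refused = 0       # SYNs turned away (tail policy only)

    def syn(self, key, legit):
        if key in self.entries:
            return True
        if len(self.entries) >= self.capacity:
            if self.policy == 'tail':
                self.refused += 1
                return False
            victim = self.rng.choice(list(self.entries))
            del self.entries[victim]
        self.entries[key] = legit
        return True

    def ack(self, key):
        if self.entries.pop(key, None) is None:
            return False       # entry was already evicted: the handshake fails
        self.completed += 1
        return True

def simulate(policy, steps=2000, capacity=128, flood_rate=8, legit_every=5, rtt=3, seed=1):
    """Constructed workload: flood_rate spoofed SYNs per step that are never
    acknowledged, plus one real client every legit_every steps whose ACK
    arrives rtt steps later. Returns (legitimate attempts, completed handshakes)."""
    table = SynBacklog(capacity, policy, random.Random(seed))
    pending, attempts = [], 0
    for t in range(steps):
        for i in range(flood_rate):
            table.syn(('spoofed', t, i), legit=False)
        if t % legit_every == 0:
            attempts += 1
            if table.syn(('client', t), legit=True):
                pending.append((t + rtt, ('client', t)))
        for _, key in [p for p in pending if p[0] <= t]:
            table.ack(key)
        pending = [p for p in pending if p[0] > t]
    return attempts, table.completed

if __name__ == '__main__':
    for policy in ('tail', 'random'):
        print(policy, simulate(policy))
```

With the defaults the tail policy completes only the handful of handshakes that fit before the table fills, while random drop keeps most legitimate clients connecting; raising rtt or lowering capacity narrows that margin.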