[4968] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Thu Oct 3 14:33:55 1996
Date: Thu, 03 Oct 1996 14:21:04 -0400
To: dvv@sprint.net (Dima Volodin)
From: Paul Ferguson <pferguso@cisco.com>
Cc: nanog@merit.edu, iepg@iepg.org
I agree completely, but neither one is a panacea.
- paul
At 08:40 AM 10/3/96 -0400, Dima Volodin wrote:
>And if everyone doesn't make any attacks we won't have any problems
>either. To rephrase - relying on ingress filtering is putting your
>security in someone other's hands, doing host-based stuff is protecting
>yourself with your own hands. To rephrase once again - doing ingress
>filtering is "being conservative with what you produce", being able to
>cope with SYN floods on the host level is "being liberal on what you
>accept." We need both, and overemphasising one side of the solution will
>do a lot of harm.
>
>
>Dima
>
