[4971] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Tim Bass)
Thu Oct 3 15:15:47 1996
From: Tim Bass <bass@linux.silkroad.com>
To: pferguso@cisco.com (Paul Ferguson)
Date: Thu, 3 Oct 1996 15:08:40 -0400 (EDT)
Cc: dvv@sprint.net, nanog@merit.edu, iepg@iepg.org
In-Reply-To: <2.2.32.19961003182104.006d0230@lint.cisco.com> from "Paul Ferguson" at Oct 3, 96 02:21:04 pm
> I agree completely, but neither one is a panacea.

Actually, after the details of Random Drop are worked out,
including the proper queue size and the drop algorithm,
we have gone a long way to protecting servers from
TCP SYN attacks.

I have the beginnings of Random Drop working now based
on Alan->Vernnon->Morris; and have been working on
'how to fire hose' the interface and make it work,
with kernel print statements in every junction
and reboot after reboot after kernel build, etc.
ad you-know-what.

The TCP fix and possibly an ICMP fix (and more work on
kernel hackers' part) will, I can safely predict, be the
faster short-term solution than trying to coordinate
the world into doing filters.

Random Drop is not a panacea, as you say Paul, but it
is a very big, big step in the right direction and
I predict that within 30 days and at the latest 60
days (because people are busy) that the SYN attack
will be much less 'troublesome'.

Tim
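
The following is an added example, not code from this post or from the kernel work it describes. It simulates a backlog of half-open connections under a spoofed SYN flood and compares refusing new SYNs when the queue is full with Random Drop (evicting a randomly chosen entry), at two queue sizes. The queue sizes, flood rate, timeout, tick model and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define QMAX    1024  /* largest backlog this simulation supports */
#define TIMEOUT 750   /* ticks before a half-open entry expires (assumed) */
struct half_open { uint32_t id; int born, used; };  /* id 0 = spoofed SYN */
static uint32_t rng_state;
static uint32_t rng(void) {  /* xorshift32: deterministic, simulation only */
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;  return rng_state >> 8;
}
/* Queue a SYN; when full, evict a random victim (rdrop) or refuse it (0). */
static int syn_arrive(struct half_open *q, int n, uint32_t id, int now, int rdrop) {
    int slot = -1;
    for (int i = 0; i < n; i++) {
        if (q[i].used && now - q[i].born >= TIMEOUT) q[i].used = 0;  /* expire */
        if (!q[i].used && slot < 0) slot = i;
    }
    if (slot < 0 && !rdrop) return 0;
    if (slot < 0) slot = (int)(rng() % (uint32_t)n);
    q[slot] = (struct half_open){ id, now, 1 };
    return 1;
}
/* The final ACK completes a handshake only if its entry is still queued. */
static int ack_arrive(struct half_open *q, int n, uint32_t id) {
    for (int i = 0; i < n; i++)
        if (q[i].used && q[i].id == id) { q[i].used = 0; return 1; }
    return 0;
}
/* 1000 clients connect in turn while `flood` spoofed SYNs arrive per tick;
   returns completed handshakes, or -1 if qlen is out of range. */
int simulate(int qlen, int flood, int rtt, int rdrop) {
    static struct half_open q[QMAX];
    int now = 0, done = 0;
    if (qlen < 1 || qlen > QMAX) return -1;
    memset(q, 0, sizeof q); rng_state = 2463534242u;
    for (int i = 0; i < qlen; i++) syn_arrive(q, qlen, 0, now, rdrop);  /* attacker fills queue */
    for (uint32_t c = 1; c <= 1000; c++) {
        for (int t = 0; t <= rtt; t++, now++) {
            for (int f = 0; f < flood; f++) syn_arrive(q, qlen, 0, now, rdrop);
            if (t == 0) syn_arrive(q, qlen, c, now, rdrop);  /* client SYN */
        }
        done += ack_arrive(q, qlen, c);  /* client ACK, rtt ticks later */
    }
    return done;
}
int main(void) {
    printf("tail drop q=128: %d, random drop q=128: %d, q=1024: %d (of 1000)\n",
           simulate(128, 16, 2, 0), simulate(128, 16, 2, 1), simulate(1024, 16, 2, 1));
}
```

In this model a legitimate entry survives the wait for its ACK with probability about (1 - 1/Q)^(flood x rtt), which is why the queue size Q matters as much as the drop rule.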