[71135] in North American Network Operators' Group
Re: UDP-TCP-ACK-SYN Attacks
daemon@ATHENA.MIT.EDU (Pete)
Wed Jun  9 19:33:16 2004
From: "Pete" <crossfire@smsonline.net>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>,
	"Sean Donelan" <sean@donelan.com>
Cc: <nanog@merit.edu>
Date: Wed, 9 Jun 2004 19:30:49 -0400
Errors-To: owner-nanog-outgoing@merit.edu
> > IP Permit Lists will not provide any mitigation against this
> > vulnerability.
> >
> > The race is on, who will find your switches first?
>
> yes, i often wondered why the permit list allows the session to connect
> then gives you a polite message before disconnecting.
>
> anyway this is only on catos..
>
> Steve
>
I have been up to my ears in UDP-TCP-ACK-SYN Attacks for a couple of weeks
now. And IP Lists are useless when the attacker base exceeds that of the
router's memory, therefore I agree.
Paul Vixie stated earlier that there were/are some "short on work" Cisco
BGP/Router Engineers here or around this channel. If that is in fact the
case then I could use some paid help and welcome anyone that wants to strike
out on their own and hang up their own shingle.
Peter
301-340-1533