New Denial of Service Attack on Panix

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi,

On Tue, 17 Sep 1996, Rob Skrobola <rjs at ans.net> wrote:
>On topic: Most of the discussion has been about stopping these general
>kinds of attacks from dial-up providers, ISP's. I've not heard much
>about what seems to be the other major source of potential problems,
>namely universities and schools.. They seem to provide a somewhat more
>involved challenge in the effort to source filter outbound packets. 

good point. in the incidents i've seen here at uc berkeley, about half
were sourced from dial-up providers and about half from other universities.
however, in the majority of the cases, the source host appeared to be a
compromised host, that is, the real perpetrator was actually somewhere
else.

at least in the university environment, i think you would find that most
universities have a central networking group that would be interested in
doing the "right thing," given adequate education and resources. for the
record, i've been filtering inbound and outbound at uc berkeley since
early march 95.

>                            ... So it has to happen closer to the
>source.

works better closer to the source too: the northern uc campuses are
working toward utilizing a single ds3 into an isp. if the filtering were
done at the isp's interface, the filter would have to permit any packet
with a source ip address from any of the 5 northern campus. whereas my
filters permit only uc berkeley source ip addresses. i also use some
strategically located filters in uc berkeley's interior as well.

>    ... It would be interesting to hear an opinion from some networking
>folks at the regionals or at campuses about whether this kind of
>filtering can or will be done...

again, i think educating the local networking groups is a key issue.
in uc berkeley's case, kevin mitnick provided the education :-} as well
as the opportunity to squeeze extra $$$ out of the university administration
for a border router capable of handling the filtering.

ken
----------------------------------------------------------------------------
Ken Lindahl                                 lindahl at ack.berkeley.edu
Data Communication & Newtorking Services    +1-510-642-0866
University of California, Berkeley          http://ack.berkeley.edu/~lindahl
----------------------------------------------------------------------------

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]