New Denial of Service Attack on Panix

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 05:32 PM 10/2/96 -0400, Dima Volodin wrote:

>
>Anyway, filtering packets with SRC addresses known to generate
>ICMP_UNREACH at the earliest possible stage might be a good idea.
>

Well, this is what we [collectively] have been talking about doing
as a 'best current practice' since the attacks became evident.

Also, see:

[snip]


 A New Internet-Draft is available from the on-line Internet-Drafts 
 directories.                                                              

       Title     : Network Ingress Filtering                               
       Author(s) : P. Ferguson
       Filename  : draft-ferguson-ingress-filtering-00.txt
       Pages     : 6
       Date      : 10/01/1996

Recent occurrences of various Denial of Service attacks which have employed
forged source addresses have proven to be a troublesome issue for Internet 
Service Providers and the Internet community overall.  This paper discusses
a simple, effective and straightforward method for using ingress traffic 
filtering to deny attacks which use "invalid" source addresses; prefixes 
which are not being legitimately advertized to the Internet via a 
particular service provider gateway.


[snip]


Once the document is revised to an acceptable [rough consensus] draft,
I'd like to see it become published as a BCP.

- paul

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]