New Denial of Service Attack on Panix
Paul Ferguson
pferguso at cisco.com
Thu Oct 3 22:15:34 UTC 1996
At 03:08 PM 10/3/96 -0400, Tim Bass wrote:
>
>The TCP fix and possibly and ICMP fix (and more work on
>kernel hackers part) will, I can safely predict, the
>faster short term solution than trying to coordinate
>the world into doing filters.
>
>Random Drop, is not a panacea, as you say Paul, but it
>is a very big, big step in the right direction and
>I predict that within 30 days and at the latest 60
>days (because people are busy) that the SYN attack
>much less 'troublesome'.
>
Hm. And how quickly do you think all of the reachable hosts in the
world are patched? I would suggest that ingress filtering is, by far,
less resource intensive, since the numbers of routers v. hosts are
much, much smaller.
In any event, I believe ingress filtering is certainly a Good Thing.
Also, what progress has been made in hardening OS's for UDP flooding?
- paul
More information about the NANOG
mailing list