SYN attack makes NandO Times as well...

Dalvenjah FoxFire dalvenjah at dal.net
Fri Sep 13 20:14:29 UTC 1996


Michael A. Patton put this into my mailbox:
> 
> The NandO Times also has an article, from The Associated Press, on this.

It was all over the news radio stations in the San Francisco Bay Area this
morning, as well.

Far be it from me to complain, but it has been going on for a week now.
I've been silently reading the debates on how to find it, what to do to prevent
it, etc. etc. I've been led to understand that one simply needs to set up
some small temporary filters in each router, find the interface the packets
enter from, and go on to the next router from there.

This is where my greenery shows. I've never configured a router before, don't
know a thing about BGP, and have no practical knowledge beyond what I've
seen here on finding out how to trace something like this.

But I would think that tracing something like this and finding the culprit
shouldn't take more than a day or so - trace back through the path from which
a majority of packets destined for panix.com originate and find the guy.

What this leads me, a somewhat technical person but nowhere near as
knowledgeable as most denizens of this list, to believe is that somehow the
intermediate providers are playing politics of some sort and are refusing to
help each other, or are assigning this a low priority.

I honestly don't mean to insult or offend anyone - for all I know, everyone
here could be spending all their time looking for the culprit. But from that
AP article, and from everything I've heard, everyone's just talking about it
and wincing at poor Panix.

I hesitate to think what might happen if I became the victim of a SYN flood
like this.

Perhaps someone could set me straight about what's going on - or am I dead on
about the Tier 1's not cooperating with Panix and giving this a high priority?
(as I believe it should be given - it's been going on for a bloody week now.)

And if it is politics, maybe someone'll listen to this: Lucent Technologies
and CERT (as is right) are getting the limelight for this - wouldn't it be
great publicity if your company was the provider or one of the providers that
traced this down and caught the guy?

I'd like to think cooperation among internetizens - even if they're competitors -
is still very much alive. I hope I'm not just being idealistic.

-dalvenjah

  Dalvenjah FoxFire, the Teddy Dragon (also known as Sven Nielsen to some :)
                dalvenjah at dal.net    ---     dalvenjah on IRC
     Remember: if you're not on DALnet, you're on the wrong IRC server!!
       (/serv irc.dal.net 7000 or telnet telnet.dal.net to try it out)
--
 ____       _               _      _ "I had the dagger in my hand, and he has
|  _ \ __ _| |_ _____ _ _  (_)__ _| |_the indecency to start dying on his own!"
| |_) / _` | \ V / -_) ' \ | / _` | ' \        --Ambassador G'kar, Babylon 5
|____/\__,_|_|\_/\___|_||_|/ \__,_|_||_| FoxFire -- dalvenjah at dal.net -- (SN90)
                         |__/




