SYN floods (was: does history repeat itself?)

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     Curtis,
     
        As I stated in my previous e-mail, we could do this by adding this 
     to our release notes in our product, describing the problem and 
     advising against not taking measures. However, this would only apply 
     to our customers, which I would venture to say that most already do 
     understand the problem :).
     
        However, if there is anything that I can do to help, please let me 
     know since I take the threat of the "imminent death of the internet" 
     very seriously.
     
     
     Pat R. Calhoun                                e-mail: pcalhoun at usr.com 
     Project Engineer - Lan Access R&D                phone: (847) 933-5181 
     US Robotics Access Corp.
     
______________________________ Reply Separator _________________________________
Subject: Re: Re[2]: SYN floods (was: does history repeat itself?) 
Author:  Curtis Villamizar <curtis at ans.net> at Internet 
Date:    9/12/96 1:44 PM
     
     
     
In message <233128C0.3000 at usr.com>, Pat Calhoun writes: 
> This is a Mime message, which your current mail reader
> may not understand. Parts of the message will appear as
> text. To process the remainder, you will need to use a Mime 
> compatible mail reader. Contact your vendor for details.
> 
> --IMA.Boundary.388702248
> Content-Type: text/plain; charset=US-ASCII 
> Content-Transfer-Encoding: 7bit
> Content-Description: cc:Mail note part 
> 
>      Perry,
>      
>         This is actually quite simple to implement on Dial Access Routers, 
>      and obviously this is the best place to add the filtering. 
>      
>      
>      Pat R. Calhoun                                e-mail: pcalhoun at usr.com 
>      Project Engineer - Lan Access R&D                phone: (847) 933-5181 
>      US Robotics Access Corp.
     
     
I agree with you completely -- sort of.  Only problem is there are 
thought to be some 3,000 dial access providers.  Many of them barely 
know what a TCP SYN is, let alone why they need to block ones with 
random source addresses and how.  Unless of course you are 
volunteering to explain it and help them.  Thanks in advance.  :-)
     
Curtis
     
     
> ______________________________ Reply Separator ______________________________ 
> ___
> Subject: Re: SYN floods (was: does history repeat itself?) 
> Author:  "Perry E. Metzger" <perry at piermont.com> at Internet 
> Date:    9/9/96 1:19 PM
> 
> 
>      
> Re: SYN floods
>      
> PANIX, a large public access provider in New York, was badly hit with 
> SYN flood attacks from random source addresses over the last few 
> days. It nearly wrecked them.
>      
> I think its time for the larger providers to start filtering packets 
> coming from customers so that they only accept packets with the 
> customer's network number on it. 
>      
> Yes, its a load on routers. Yes, its nasty for the mobile IP weenies. 
> Unfortunately, the only known way to stop this. Many TCPs go belly up 
> as soon as they get SYN flooded -- its a defect in the protocol 
> design, and other than Karn style anti-clogging tokens ("cookies") 
> being put into a TCP++ and mass implemented worldwide soon, the only 
> reasonable way to stop this sort of terrorism is provider filtering. 
>      
> Perry
> --IMA.Boundary.388702248
> Content-Type: text/plain; charset=US-ASCII; name="RFC822 message headers" 
> Content-Transfer-Encoding: 7bit
> Content-Description: cc:Mail note part
> Content-Disposition: attachment; filename="RFC822 message headers" 
> 
> Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP
>   (IMA Internet Exchange 2.02 Enterprise) id 233028F0; Sun, 8 Sep 96 12:29:51 
> -0500
> Received: from merit.edu by usr.com (8.7.5/3.1.090690-US Robotics) 
>       id MAA17658; Mon, 9 Sep 1996 12:33:14 -0500 (CDT)
> Received: from localhost (daemon at localhost) by merit.edu (8.7.5/merit-2.0) wi 
> th
> SMTP id NAA17064; Mon, 9 Sep 1996 13:20:33 -0400 (EDT)
> Received: by merit.edu (bulk_mailer v1.5); Mon, 9 Sep 1996 13:19:08 -0400
> Received: (from daemon at localhost) by merit.edu (8.7.5/merit-2.0) id NAA16987 
> for
> nanog-outgoing; Mon, 9 Sep 1996 13:19:08 -0400 (EDT)
> Received: from jekyll.piermont.com (jekyll.piermont.com [206.1.51.15]) by
> merit.edu (8.7.5/merit-2.0) with ESMTP id NAA16982 for <nanog at merit.edu>; Mon 
> , 9
> Sep 1996 13:19:05 -0400 (EDT)
> Received: from localhost (perry at localhost) by jekyll.piermont.com (8.7.5/8.6. 
> 12)
> with SMTP id NAA24855 for <nanog at merit.edu>; Mon, 9 Sep 1996 13:19:02 -0400 
> (EDT)
> Message-Id: <199609091719.NAA24855 at jekyll.piermont.com>
> X-Authentication-Warning: jekyll.piermont.com: Host perry at localhost didn't us 
> e
> HELO protocol
> To: nanog at merit.edu
> Subject: Re: SYN floods (was: does history repeat itself?) 
> In-reply-to: Your message of "Mon, 09 Sep 1996 12:47:13 EDT." 
>              <199609091647.MAA01458 at tomservo.mindspring.com> 
> Reply-To: perry at piermont.com
> X-Reposting-Policy: redistribute only with permission 
> Date: Mon, 09 Sep 1996 13:19:02 -0400
> From: "Perry E. Metzger" <perry at piermont.com> 
> Sender: owner-nanog at merit.edu
> --IMA.Boundary.388702248--
-------------- next part --------------
Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP
  (IMA Internet Exchange 2.02 Enterprise) id 2384C760; Thu, 12 Sep 96 12:46:30
-0500
Received: from merit.edu by usr.com (8.7.5/3.1.090690-US Robotics)
	id MAA17844; Thu, 12 Sep 1996 12:49:51 -0500 (CDT)
Received: from localhost (daemon at localhost) by merit.edu (8.7.5/merit-2.0) with
SMTP id NAA08255; Thu, 12 Sep 1996 13:45:10 -0400 (EDT)
Received: by merit.edu (bulk_mailer v1.5); Thu, 12 Sep 1996 13:44:58 -0400
Received: (from daemon at localhost) by merit.edu (8.7.5/merit-2.0) id NAA08235 for
nanog-outgoing; Thu, 12 Sep 1996 13:44:58 -0400 (EDT)
Received: from brookfield.ans.net (brookfield-ef0.brookfield.ans.net
[204.148.1.20]) by merit.edu (8.7.5/merit-2.0) with ESMTP id NAA08230 for
<nanog at merit.edu>; Thu, 12 Sep 1996 13:44:54 -0400 (EDT)
Received: from brookfield.ans.net (localhost.brookfield.ans.net [127.0.0.1]) by
brookfield.ans.net (8.7.3/8.7.3) with ESMTP id NAA13973; Thu, 12 Sep 1996
13:44:04 -0400 (EDT)
Message-Id: <199609121744.NAA13973 at brookfield.ans.net>
To: pcalhoun at usr.com (Pat Calhoun)
cc: nanog at merit.edu, "Perry E. Metzger" <perry at piermont.com>
Reply-To: curtis at ans.net
Subject: Re: Re[2]: SYN floods (was: does history repeat itself?) 
In-reply-to: Your message of "Mon, 09 Sep 1996 13:19:18 CDT."
             <233128C0.3000 at usr.com> 
Date: Thu, 12 Sep 1996 13:44:04 -0400
From: Curtis Villamizar <curtis at ans.net>
Sender: owner-nanog at merit.edu

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]