At 09:09 AM 9/18/96 -0400, Guy T Almes wrote:
Kent, I liked the rest of your message more than the first sentence.
I wish that it were not so, but after reading the clever and insightful approaches to tracking down the denial-of-service perps, I am pessimistic about our ability to stay ahead in the escalation of this counter-counter-measure warfare. I think that if we were able to trace the Panix attacker that a future attacker would hit simultaneously from a half-dozen free dial-up connections with a real random number generator and synthetic SYNs to fool the router stat collector (or whatever it takes). I think we are on the short end of the technology stick here.
I want to amend my statement a bit. While it sounds like I completely ignored Curtis' summary message from Monday, in fact, I never received any of those nanog messages and if I had, I doubt that I would have posted my original message. I faithfully read all my nanog mail and I don't understand the gaps in my receipts. It seems to me after reading Curtis' summary that servers can be modified to make the SYN flooding attacks much more difficult to accomplish. Perhaps enough so that source address filtering doesn't have the urgency of implementation and coordination that I thought before reading Curtis' note.

--Kent