I must say that I agree about the SYN floods being a huge problem. A lot of our customers are getting "attacked" as well as possibly some of our machines. While I despise the "death of the net" phrase, I agree something must be done. But a few filters in a few core routers in a few small ISPs will have a null effect on the situation. Until this problem becomes gigantic enough that it affects large networks such as MCI, Sprint, UUNet, etc. I don't predict much will be done. So I presume the best we can hope for is that.. and this may sound a bit nasty.. that the bigger networks start getting attacked. That is the only way there will be a call to arms. Rob Exodus Communications Inc.
We got hit again tonight. This time on seven different machines- three mail hosts, two news machines, our web site, and VTW's web site (we provide all service for VTW).
I am simply amazed that anyone would attack VTW. Even the shmuck who's attacking us benefits from VTW's work. Why would anyone attack them?
Anyway. Point is this: We can't take too much more of this, nor can our customers. I have yet to hear *anyone* come up with any ideas even remotely reasonable for how to deal with this situation, long term, except for the filtering that Avi, Perry, and I have been promoting these last few days.
Whether or not existing equipment can handle the job is *IRRELEVANT*. If it won't, new equipment must be bought. The net won't survive without it.
(And yes, I've been hearing "death of the net" predictions for longer than most readers of this list have been on the net. This could really be it.)
/a