On Mon, 9 Sep 1996, Perry E. Metzger wrote:
PANIX, a large public access provider in New York, was badly hit with SYN flood attacks from random source addresses over the last few days. It nearly wrecked them.
I think its time for the larger providers to start filtering packets coming from customers so that they only accept packets with the customer's network number on it.
I disagree. A better way to do this would be for providers to cooperate to track down the people who are doing it and make sure to flood the media with press releases when the culprits are arrested. If the cracker wannabe's realize that source-spoofed SYN attacks can still be quickly traced, they will stop doing it. And the cooperation would do the net some good; maybe lead to more cooperation down the line. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com