At 03:08 PM 10/3/96 -0400, Tim Bass wrote:
The TCP fix and possibly and ICMP fix (and more work on kernel hackers part) will, I can safely predict, the faster short term solution than trying to coordinate the world into doing filters.
Random Drop, is not a panacea, as you say Paul, but it is a very big, big step in the right direction and I predict that within 30 days and at the latest 60 days (because people are busy) that the SYN attack much less 'troublesome'.
Hm. And how quickly do you think all of the reachable hosts in the world are patched? I would suggest that ingress filtering is, by far, less resource intensive, since the numbers of routers v. hosts are much, much smaller.
I think Tim was using the assumption (which I consider quite valid) that once vendors release patches, those being attacked are likely to apply a patch quite quickly. It's a motivaton issue... people are much more motivated to save their own butts in a hurry before trying to save everyone else's. ;-) I think most folks in this forum are good netizens and want to do the Right Thing(s) for everyone. Others, especially those not privy to all the fuss about this issue, are less likely to take action and will probably be hosting these attacks for a while, possibly w/o knowing it until someone tracks it down and yells at them and/or they're attacked themselves (in which case they'll probably reach for things to protect themselves before trying to protect others). Daniel ~~~~~~