From: Avi Freedman <freedman@netaxs.com> Subject: Re: New Denial of Service Attack on Panix
Sigh. My feeling is that host-based solutions should be discussed on inet-access, but mentioned briefly also on nanog so that providers can note them to give pointers to their customers.
And there probably is too much SYN-related traffic on nanog anyway. The plea has been made: You should - or you should encourage your customers to - filter garbage inbound to you from them or outbound from them to you. You should come up with a plan to nail the source of SYN attacks quickly if the trail leads to your network as the source.
Short term, this discussion seems appropriate for nanog. On topic: Most of the discussion has been about stopping these general kinds of attacks from dial-up providers, ISP's. I've not heard much about what seems to be the other major source of potential problems, namely universities and schools.. They seem to provide a somewhat more involved challenge in the effort to source filter outbound packets. It's hard to imagine an NSP that is serving a regional attempting to put packet filters on a 7xxx servicing a fully loaded ds3 or two that is connected to a regional, much less the management nightmare that upkeeping that filter would be. So it has to happen closer to the source. It would be interesting to hear an opinion from some networking folks at the regionals or at campuses about whether this kind of filtering can or will be done... RobS Disclaimer - This is *not* an attempt to slam anybody, just to discuss..