At 03:08 PM 10/3/96 -0400, Tim Bass wrote:
The TCP fix and possibly and ICMP fix (and more work on kernel hackers part) will, I can safely predict, the faster short term solution than trying to coordinate the world into doing filters.
Random Drop, is not a panacea, as you say Paul, but it is a very big, big step in the right direction and I predict that within 30 days and at the latest 60 days (because people are busy) that the SYN attack much less 'troublesome'.
Hm. And how quickly do you think all of the reachable hosts in the world are patched? I would suggest that ingress filtering is, by far, less resource intensive, since the numbers of routers v. hosts are much, much smaller. In any event, I believe ingress filtering is certainly a Good Thing. Also, what progress has been made in hardening OS's for UDP flooding? - paul