Kent,
Dear NANOG/IEPG Folks;
As you should know by now from reading the papers, Panix, the first ISP in NYC, has come under a new denial of service attack. The Wall Street Journal quoted Bill Cheswick to the effect that the attack is "unstoppable". Almost, but not quite, true.
... XXX ... Can you explain why you just don't block the IP address of the sender from your gateway routers. Is the sender using different IP source addresses in the IP packet? Does the attacker change IP source addresses? Does the attacker attack the same ports? Use random source addresses? This does not seem like a rocket science firewall firewall project, based on what I have read. Please explain what make this attack 'rocket science' to stop. Show me the topology, the router configurations of the gateways, and the format of the denial-of-service attack packets and I'll be surprised if I can't devise a scheme to stop it, even if the attacker changes source addresses frequently (and I'm happy to do it). Thanks and Regards, Tim