Re: BSDI announcement about defense against syn-flooding attacks
Rob Liebschutz writes:
It scares me to think how much effort has gone into defense against this one denial of service attack when there are endless possibilities for other ones.
Really? I don't think enough effort has been expended... which is why I'm expending more.
This was intended to be a comparison of how much effort has already been expended with how much more is really needed. I strongly agree that more effort needs to be expended here. Both at the lab/research level and at getting the technology on every box on the Internet (and you've contributed significantly in both of those areas). Good security requires an enormous amount of ongoing effort. It's not like you secure your network and it's done. At least one good thing that's happened in the last few years is that many vendors have started paying much more attention to security in their products. This really helps in the distribution effort.
I've done a lot of consulting in the past, and I've found at many sites that the cost of security was very hard to sell. For startup ISPs, network security almost never had a line in the budget. They'd usually tell me they can't afford it. I'd tell them they can't afford to be without it. Of course a lot of startup ISPs had never thought about hiring a networking person either! You just go down to the local discount computer store and buy a bunch of 10baseT hubs to plug all your computers into. One big network :-).
Talk about startup ISPs (a little off topic here), I had one "WANNA-BE" ISP come to me with a T1 already installed to PBI (no CSU/DSU or router, no hubs, 1 Windows 3.11 box) and they wanted me to "bring them up as an ISP". I quoted them a price, but they told me that they only had $3000 to spend. They didn't know what services they wanted to provide either. Then there were two others that came to me that had been sold NAP connections. One guy was sitting there with a single Win95 box plugged into his Cisco 75xx with a DS3 NAP connection, "Well, how do I get this thing configured?". Now he can browse the WEB on his Win 95 box at DS3 speeds :-).
The point is not that we have to defeat the SYN attacks. We all know by now that the severity of that problem is, at least for modern OSes, reduced to a tolerable level (or will be soon). But these SYN attacks are just the precursor to other even more dangerous attacks that all share one characteristic: forged source addresses. If we can use this event to raise consciousness about the forged-source issue, everyone wins big. And if we don't... well, film at 11, as we say.
/a
Rob