Re: New Denial of Service Attack on Panix
I would personally like to see this topic added as an agenda item at the upcoming Ann Arbor NANOG meeting. At least a brief discussion of conventional wisdom (filter on valid source prefixes at periphery, etc.) should be in order. - paul At 04:14 PM 9/16/96 -0700, Kent W. England wrote:
Dear NANOG/IEPG Folks;
As you should know by now from reading the papers, Panix, the first ISP in NYC, has come under a new denial of service attack. The Wall Street Journal quoted Bill Cheswick to the effect that the attack is "unstoppable". Almost, but not quite, true.
It's true that there isn't anything that Panix can do on its own to stop this attack. It's true that it would be hard to verify source addresses at MAEs and NAPs. But we could all verify source addresses at the first hop entry points. And get default route and unauthorized transit protection to boot.
I'd like to know what the community thinks can be done to deal with an escalation of these attacks should this occur. Are you doing any source address verification now? Are you doing anything to help Panix? Could you?
How seriously do you take this threat? If Panix were to go out of business and Bob Metcalfe wrote a column on it, ( :-) do you think we would have to deal with it together then, or can we sit tight and expect it to blow over? After all, it's easy to dump chemicals in the reservoir, but we still drink the water, right?
Thanks.
--Kent
~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~ Kent W. England Six Sigma Networks 1655 Landquist Drive, Suite 100 Voice/Fax: 619.632.8400 Encinitas, CA 92024 kwe@6SigmaNets.com Experienced Internet Consulting ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~~ ~~~~
On Tue, 17 Sep 1996, Paul Ferguson wrote:
I would personally like to see this topic added as an agenda item at the upcoming Ann Arbor NANOG meeting. At least a brief discussion of conventional wisdom (filter on valid source prefixes at periphery, etc.) should be in order.
And ask that anybody with non-Cisco experience submit the appropriate filters for other brands of router so we can get the widest possible use of source filtering implemented. I still haven't seen anyone here volunteer a website for this although http://www.mtiweb.com/isp has some information available. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com
On Tue, 17 Sep 1996, Paul Ferguson wrote:
I would personally like to see this topic added as an agenda item at the upcoming Ann Arbor NANOG meeting. At least a brief discussion of conventional wisdom (filter on valid source prefixes at periphery, etc.) should be in order.
And ask that anybody with non-Cisco experience submit the appropriate filters for other brands of router so we can get the widest possible use of source filtering implemented.
I still haven't seen anyone here volunteer a website for this although http://www.mtiweb.com/isp has some information available.
Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com
Well.... if I get some spare cycles, I'll put it up. -- --bill
I would personally like to see this topic added as an agenda item at the upcoming Ann Arbor NANOG meeting. At least a brief discussion of conventional wisdom (filter on valid source prefixes at periphery, etc.) should be in order.
- paul
Hmm, sounds like a debate panel (similar to what's planned for a multihoming thing) would be in order, since there's dissention about where it's possible or desirable to implement the filtering. The key thing is a 5-minute exhortation to make available to customers or certain key groups (like CERT) a clueful-24-hour-contact # from each major provider... Avi
participants (4)
-
Avi Freedman
-
bmanning@ISI.EDU
-
Michael Dillon
-
Paul Ferguson