Re: New Denial of Service Attack on Panix
I am actually fairly serious. The tremendous amount of email this generated amazes me. With the amount of effort going into that, I suspect maybe 40% or more of the problem could already be alleviated if people would just go out and coordinate and do it. Yes, it will not resolve things at the 100th percentile, but what are we optimizing for? A solution for generations to come? Or something that helps, and that can perhaps be augmented by some other means, such as spot measurements (especially for events that last hours). All reminds me actually a little of the movie Star Trek Generations, when Picard and Soran were on this planet, about minutes away from the whole star system being blown to kingdom come, Picard helplessly throwing little rocks at the shield, and Soran asking him something like "don't you have anything better to do."
On Sat, 21 Sep 1996, Hans-Werner Braun wrote:
I am actually fairly serious. The tremendous amount of email this generated amazes me. With the amount of effort going into that, I suspect maybe 40% or more of the problem could already be alleviated if people would just go out and coordinate and do it.
A lot of this coordination is already happening. At least half of North America's ISP's have been informed and a substantial number of ISP's in other countries as well. There are WWW pages documenting the problem and the fixes although this part could be done better and more systematically. Some magazine articles have been published or are in progress to explain source filtering and there are two people writing up a BCP on the topic.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com
Hans,

I understand, I am fairly serious as well. And I like your Star Trek analogy.....

On a similar cynical note, I was skating yesterday in the Virginia countryside and stopped to rest over a creek. There I watched a turtle lying in the sun in a pollution ravaged creek and thought to myself.... "Man has this ability to reason, so by default, should take responsibility not to destroy the lives of all the other creatures on the earth; however, there may very well come a day when turtles have all died due to mankind's irresponsibility toward the planet and its fragile creatures and other life forms."

You realize that you are losing your innocence when you begin to believe that 'what is right' is not 'what will happen' (at least in our mortal lifetimes).

ANYWAY, I'll end the lamentation and end with this:

----------------------------------------------------
Wake me up in the year 2001 - Melissa Etheridge
----------------------------------------------------

Tim

PS: However, on the brighter side, who is going to draft this BCP?
ISP implementing filters for packets with false source addresses.

Why does there need to be co-ordination? Surely most ISPs would implement this now they know there is a problem and they can fix it.

We just need to put out a request to ISPs
I would suggest this is done directly rather than through 'bodies' such as IEPG

Peter Dawe

Hans-Werner Braun said...
I am actually fairly serious. The tremendous amount of email this generated amazes me. With the amount of effort going into that, I suspect maybe 40% or more of the problem could already be alleviated if people would just go out and coordinate and do it. Yes, it will not resolve things at the 100th percentile, but what are we optimizing for? A solution for generations to come? Or something that helps, and that can perhaps be augmented by some other means, such as spot measurements (especially for events that last hours).
All reminds me actually a little of the movie Star Trek Generations, when Picard and Soran were on this planet, about minutes away from the whole star system being blown to kingdom come, Picard helplessly throwing little rocks at the shield, and Soran asking him something like "don't you have anything better to do."
...
-------------------------------------------------------------------------------------
Peter Dawe All messages copyright reserved
Peter@home.pipex.com; +44 (0) 1223 237700; GSM +44 (0) 385 394554
71 High Street, Oakington, CAMBRIDGE, CB4 5AG, UK
We just need to put out a request to ISPs
I would suggest this is done directly rather than through 'bodies' such as IEPG
Peter Dawe
Peter, how do you suggest sending a request "directly" to all ISPs in the world? Is there a mailing list for them?

Brian Carpenter
On Mon, 23 Sep 1996, Brian Carpenter CERN-CN wrote:
We just need to put out a request to ISPs
I would suggest this is done directly rather than through 'bodies' such as IEPG
Peter, how do you suggest sending a request "directly" to all ISPs in the world? Is there a mailing list for them?
I'm on about 8 ISP mailing lists. About half of North America's ISP's are there and many from other countries. I have posted most of the action items regarding SYN floods to those lists and I'm sure this stuff is picked up and passed on to other lists like the Philippine ISP mailing list. There are also the various magazines that many ISP's follow and these are all doing stories on the SYN floods.

Since people like me who pass this info around directly to ISP's cannot yet afford to attend NANOG meetings it might be a good idea to make sure that "action items" for ISP's get posted to this list. It's not perfect but then, that's the real world for ya. :-)

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com
We just need to put out a request to ISPs
Peter, how do you suggest sending a request "directly" to all ISPs in the world? Is there a mailing list for them?
I guess it is possible to send them (requests) to techcontacts of all NET domains. Of course, there are many ISPs in COM too, but it's better than nothing...

Just my 1c,
Edgar
Peter, how do you suggest sending a request "directly" to all ISPs in the world? Is there a mailing list for them?
Brian Carpenter
...
How about a chain letter.. to the wholesale and backbone providers, I've received a number of copies of the email virus 'Good News'!

Peter

Draft:

Dear Internet provider, you may be aware that hackers have been using a new approach to denial of service attacks. This involves using SYN packets with false source addresses. In order to reduce the Internet's vulnerability we are requesting that you initiate filters on your customer connection which confine their transmission to packets with source addresses within the customer's IP range. For further details please go to www.???.???

In order to reach all ISPs we also request that you forward this to any ISPs you know with the subject unaltered as PLEASE ACTION THIS.. SYN ATTACK

Do not forward this after 30th September. You may wish to filter all future emails deleting repeat emails with this subject line

Brian Carpenter CERN-CN said...
-------------------------------------------------------------------------------------
Peter Dawe All messages copyright reserved
Peter@home.pipex.com; +44 (0) 1223 237700; GSM +44 (0) 385 394554
71 High Street, Oakington, CAMBRIDGE, CB4 5AG, UK
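
The filter the draft letter above asks ISPs to apply, sketched as an added example that is not part of the thread: each customer port forwards only packets whose source address lies inside that customer's assigned range. The port names, prefixes and packets are constructed for illustration (documentation address ranges).

```python
import ipaddress

# Constructed sample data (documentation address ranges). The port names and
# prefix assignments are hypothetical, not taken from the thread.
ASSIGNED = {
    "cust-a": ["192.0.2.0/24"],
    "cust-b": ["198.51.100.0/25", "203.0.113.64/26"],
}

# Constructed packets: (ingress customer port, source address, destination).
PACKETS = [
    ("cust-a", "192.0.2.17", "203.0.113.80"),    # inside cust-a's /24
    ("cust-a", "198.51.100.9", "203.0.113.80"),  # cust-b's space on cust-a's port
    ("cust-b", "198.51.100.200", "192.0.2.1"),   # just outside cust-b's /25
    ("cust-b", "203.0.113.65", "192.0.2.1"),     # inside cust-b's /26
    ("cust-b", "10.1.2.3", "192.0.2.1"),         # private space, never assigned
    ("cust-c", "192.0.2.5", "203.0.113.80"),     # port with no assignment on file
]


def build_filters(assigned):
    """Parse each port's prefixes once; strict=True rejects prefixes with host bits set."""
    return {port: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for port, prefixes in assigned.items()}


def permit(filters, port, src):
    """True only when src falls inside a prefix assigned to that port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source address: drop
    # Unknown ports get an empty prefix list, so the default is deny.
    return any(addr in net for net in filters.get(port, []))


def audit(filters, packets):
    """Return (forwarded, dropped) lists for the given packets."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit(filters, pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drop = audit(build_filters(ASSIGNED), PACKETS)
    for port, src, _ in drop:
        print(f"drop  {port:7} src={src}")
    print(f"{len(fwd)} forwarded, {len(drop)} dropped")
```
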
participants (6)
- Brian Carpenter CERN-CN
- Edgar Der-Danieliantz
- Hans-Werner Braun
- Michael Dillon
- Peter Dawe
- Tim Bass