New Denial of Service Attack on Panix

Tim Bass writes:

There is no reason to be hostile to me, I'm not the attacker.

You are, however, walking in when you are obviously quite unaware of
the details of the situation and proclaiming that you know better than
everyone else. You obviously do not understand the attacks. You do not
know what people actually involved have been doing to try to solve
them. You also proclaimed, in advance, that the problem is simple and
by implication that the world class talent that has been looking at
the problem is stupid. In short, you are arrogant and ignorant.

An attacker sends a stream of packets to (fill in the blanks)
one hosts, two hosts, a subset of hosts in a network? And
the packets arrive with a frequency of ------? and the
average available bandwidth of the attack flow is -----?
and the average time each packet changes the pseudo random
IP source addreses are?

Has it occurred to you that even if there were characteristics that
could be used to filter the packets that the attacker might change the
characteristics of what he was sending to get around them?

No set of characteristics is available for filtering, because no
single set of characteristics will occur in all possible attacks. Any
software that assumes that the attacker, say, incremented the port
number by 10 every time, or what have you, would simply be evaded by
the next attacker or by the same attacker on later attacks. Indeed, in
the case in question, filtering was used against consistant
characteristics of the attack and then failed when the attacker
changed tactics to evade the filtering. This is an arms race that
cannot be won. There is no consistant mechanism that can both filter
the attacks and not hurt legitimate users.

I, we, can't however, solve a problem if it is not clearly

Perhaps I, we, don't have any reason to tell you more details than you

Yes, I'm arrogant and believe that given the details and
the specifications of the problem, we can solve it and yes
I believe that whining about it does little to solve the
problem or help make the IP work a better place.

Mr. Bass, I'd say what I think of you at this point, but this is a
family mailing list. Before you lose all respect that anyone has for
you, be quiet, go away for a few days, and learn that other people
working on a problem are not necessarily imbeciles just because they
aren't you. Very smart people have looked at the specific problems in
question. There are some good answers to the problem -- origination
filtering and hardening hosts by fixing the algorithms that manage the
infant connection queues in kernels. People are now busily working on
both of these. Your comments, however, belong more to the problem set
than to the solution set. If you expect to get respect, you will first
have to give some to others.