New Denial of Service Attack on Panix

"David J. Schmidt" writes:

How likely is Panix to go under from this? Admittedly incoming
connections are seriously affected, but if Panix were to filter out
incoming SYNs at their entry points could their customers still do
outbound browsing?

Panix makes a considerable fraction of their income from web hosting,
which is an incoming operation. Luckily, the situation was palliated
by hardening the system kernels and also the attacks have subsided,
possibly because they were no longer particularly effective.

Bottom line, exactly how is this attack affecting Panix servers and
what are they able to do to at least operate in a degraded fashion
during these attacks? What could *I* do if my site were attacked?

Right now? If you don't have system source to your kernels I would say
you are hosed. I would suggest trying to work to get lots of ISPs to
filter outgoing packets. It's the surest defense for
everyone. Additionally, if you do have sources to your kernel there
may be fixes that can be made in advance of vendors announcing
patches.

BTW, if anyone is actually being attacked right now, please get in
touch with me.

Perry

==>Right now? If you don't have system source to your kernels I would say
==>you are hosed. I would suggest trying to work to get lots of ISPs to
==>filter outgoing packets. It's the surest defense for
==>everyone. Additionally, if you do have sources to your kernel there
==>may be fixes that can be made in advance of vendors announcing
==>patches.

As part of a task force studying this problem, I have called some of the
major hardware vendors (namely SGI, HP, and Sun). SGI told one of the
team members "we're not allowed to really talk about this". Sun and HP
have both said "we've formed a council that has been evaluating the
situation, and will make available anything we have done to help alleviate
or prevent the problems".

/cah