David Miller wrote:
>
> Michael Dillon writes:
> >
> > > Could we drop the SYN/Denial thread? It's becoming rather base.
> >
> > The discussion could always be moved to the firewalls list.
>
> I would suggest that it not be. This is actually a crisis that has to
> be solved by action taken by service providers working together, and
> does not involve conventional firewalls per se. I would say that it
> is therefore germane to Nanog.
If we're voting, I'd say inet-access. SYN attacks and defense are more
centered on the ISP's than the backbones.
Those of us running backbones (well, some of us, anyway) are spending
a portion of our energies tracing these attacks. The discussion
here is proving helpful, and I definitely think it should continue.
What sort of experiences have people had eliciting cooperation from
other providers, when attempting to trace? I'm currently attempting to
trace one, and have gotten it to the edge of our network, but have spent
the last twelve hours attempting to get cooperation from the NSP at mae-west
I've tracked it to.
+j