New Denial of Service Attack on Panix

From: Avi Freedman

  >Subject: Re: New Denial of Service Attack on Panix

  >Sigh. My feeling is that host-based solutions should be discussed
  >on inet-access, but mentioned briefly also on nanog so that providers
  >can note them to give pointers to their customers.
  >And there probably is too much SYN-related traffic on nanog anyway.
  >The plea has been made: You should - or you should encourage your
  >customers to - filter garbage inbound to you from them or outbound from
  >them to you. You should come up with a plan to nail the source of
  >SYN attacks quickly if the trail leads to your network as the source.

Short term, this discussion seems appropriate for nanog.

On topic: Most of the discussion has been about stopping these general
kinds of attacks from dial-up providers, ISPs. I've not heard much
about what seems to be the other major source of potential problems,
namely universities and schools. They seem to provide a somewhat more
involved challenge in the effort to source filter outbound packets.

It's hard to imagine an NSP that is serving a regional attempting to put
packet filters on a 7xxx servicing a fully loaded ds3 or two that is
connected to a regional, much less the management nightmare that
upkeeping that filter would be. So it has to happen closer to the
source. It would be interesting to hear an opinion from some networking
folks at the regionals or at campuses about whether this kind of
filtering can or will be done...


Disclaimer - This is *not* an attempt to slam anybody, just to