New Denial of Service Attack on Panix


IMO, just 'getting the word out' in mailing lists, newsgroups and WWW sites
is not an effective way to mitigate the denial-of-service attacks under
consideration. Here is why.....

When a security hole is found, for example a buffer problem in a networking
daemon, 'getting the word out' is effective, because the end user is
highly motivated to correct the problem because the problem affects
whomever directly (and those who do not fix the problem only affect their
sphere of influence, not the entire Internet community).

However, in the instance of these DoS attacks, the lower tier ISP is not
significantly motivated to take corrective actions because the
results have little direct or immediate effects on business ops.
Furthermore, if the provider fails to maintain the filter list or
even configure the lists in the first place, little or nothing
will affect day-to-day operations (because more pressing matters
are on most businesses' radar screens, i.e. surviving!)

It is for this one reason; the security problem affects users
*outside* the provider's influence and not inside, merely
providing information is a good, but not an effective, way of mitigating
the situation, especially in the short term.

Continuing with a suggestion.....

Overly simplified, the net is loosely organized along a routing
hierarchy with level 0 transit providers at the top. The level
0 providers might agree not to provide services to lower tier
providers or customers that do not provide a means of verifying
that source route filters are in place (repeat this for lower
tiers ...... ) (what is the international organization to
do this? or should there even be one?)

Also, to make matters easier, a WG might be formed, chaired
by level 0 provider(s) perhaps, working on both the admin policy and
a set of software verification tools to do verification 'magic'
on the filters as envisioned by the WG.

Furthermore, because the success of this venture is important
to, not only providers, but commerce as a whole, ISI, MERIT,
or some other org with hooks into the Internetworking Money
Flow (IMF :-) from NSF or DARPA, etc. might consider putting together
a white paper to request additional funding to develop the
software tools and manage the releases.


this idea is not falling on 'blind eyes' (as opposed to 'deaf
ears' :-) IMO, just 'getting the word out' is not enough to
take a significant bite out of this problem. The first
step to significantly mitigate DoS attacks has been taken
(getting the word out), but, IMO, a greater, second step
should be in our radar now.

Thanks for your patience,