nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: dvv () sprint net (Dima Volodin)
Date: Thu, 3 Oct 1996 08:40:57 -0400 (EDT)
And if everyone doesn't make any attacks we won't have any problems either. To rephrase - relying on ingress filtering is putting your security in someone other's hands, doing host-based stuff is protecting yourself with your own hands. To rephrase once again - doing ingress filtering is "being conservative with what you produce", being able to cope with SYN floods on the host level is "being liberal on what you accept." We need both, and overemphasising one side of the solution will do a lot of harm. Dima Paul Ferguson writes:
Well, that's true, but it's a different facet of the same problem. The draft only attempts to solve what it is that we can solve be ingress filtering. Solutions using firewalls or proxy devices which defat this type of attack are a Good Thing, but if everyone does ingress filtering, a large percentage of this problem disappear. - paulThus host-(and firewall-)based solutions are at least as important as the ingress filtering. As of the evidence of these attacks - they were evident long before the current talking. Dima
- - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 03)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 03)
- SUN: Re: New Denial of Service Attack on Panix Allan Chong (Oct 03)
- Re: New Denial of Service Attack on Panix Perry E. Metzger (Oct 03)
- Re: TCP SYN attacks Ran Atkinson (Oct 03)
- Re: TCP SYN attacks Zach (Oct 03)
- Re: TCP SYN attacks Avi Freedman (Oct 03)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 02)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 03)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 03)
- Re: New Denial of Service Attack on Panix Avi Freedman (Oct 03)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 03)
- Re: New Denial of Service Attack on Panix Avi Freedman (Oct 03)
- Re: New Denial of Service Attack on Panix Daniel W. McRobb (Oct 03)