nanog mailing list archives
Re: SYN floods
From: "Kent W. England" <kwe () 6SigmaNets com>
Date: Tue, 17 Sep 1996 13:53:47 -0700
At 10:47 AM 9/17/96 -0700, Michael Dillon wrote:
> Some part of the discussion involves the technical details of hardening OS kernels as well as a couple of alternate solutions for defending against the attacks involving either a SYN proxy or a machine feeding RST's. These technical details belong on the firewalls list because the people on that list work with building DEFENSIVE mechanisms.

Except that what we need are routers implementing traffic filtering on ISP input ports rather than firewalls defending customer premises from attacks coming from the ISPs. I think we are dealing with two different markets and two different groups of people. I don't think that ISPs will protect themselves from this denial of service attack with firewalls. This is a router requirement.

> inet-access and other ISP mailing lists are most relevant for the PREVENTION of SYN flood attacks. This is where we need to hammer home the need for filtering outgoing routes.

Filtering incoming traffic against legitimate source addresses.

The most important point is that if we all decide that defense and tracing are of limited utility and that filtering is the only way to stop these attacks, then we need a few people who read the nanog and iepg lists to stand up and say "I will filter and I expect you to do the same if you want to peer with me." Otherwise, it will be difficult for any single ISP to justify being the first to install peripheral filtering. We must have a consensus to move on this issue. Call it "peer pressure". :-)

--Kent
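
The input-port filtering described in the message above, checking each packet's source address against the prefixes legitimately assigned to the port it arrived on, sketched as an added example that is not part of the original message. The port names, prefixes and packets are constructed for illustration (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed ISP edge: customer-facing input port -> prefixes assigned
# to the customer attached to that port.
PORT_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("203.0.113.64/26")],
}

def source_is_legitimate(port, src):
    """True only if src lies inside a prefix assigned to this input port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: fail closed
    # A port with no configured prefixes matches nothing, so it also fails closed.
    return any(addr in net for net in PORT_PREFIXES.get(port, []))

def filter_ingress(packets):
    """Return (forwarded packets, Counter of drops per input port)."""
    forwarded, dropped = [], Counter()
    for pkt in packets:
        if source_is_legitimate(pkt["port"], pkt["src"]):
            forwarded.append(pkt)
        else:
            dropped[pkt["port"]] += 1
    return forwarded, dropped

# Constructed sample: TCP SYNs arriving on customer ports.
SAMPLE = [
    {"port": "cust-a", "src": "192.0.2.10"},    # inside cust-a's /25
    {"port": "cust-a", "src": "10.1.2.3"},      # forged, not assigned to anyone here
    {"port": "cust-a", "src": "198.51.100.7"},  # valid address, but cust-b's prefix
    {"port": "cust-b", "src": "203.0.113.70"},  # inside cust-b's /26
    {"port": "cust-b", "src": "203.0.113.10"},  # same /24, outside the assigned /26
    {"port": "cust-x", "src": "192.0.2.10"},    # port with no configured prefixes
]

if __name__ == "__main__":
    forwarded, dropped = filter_ingress(SAMPLE)
    print("forwarded:", [p["src"] for p in forwarded])
    for port, count in sorted(dropped.items()):
        print(f"dropped on {port}: {count}")
```

The per-port drop counter also identifies which input port forged-source traffic is entering through, without any need to trace it back from the victim.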