Re: oh, please...


From: Cynthia Dale (silly@redhat.com)
Date: Thu Feb 24 2000 - 16:13:20 PST


It does not completely eliminate the problem. I have been taken down (my
Chicago box) many times, easy as pie, with the current TCP floods. All
ICMP and UDP (besides DNS) is filtered at the backbone, but alas, I cannot
allow anyone on IRC because of being flooded (read: can't offer shell
accounts). AFAIK, the only way to truly fix this is to go to IPv6, which
does not have the bug that allows spoofing. If I'm misunderstanding this,
that's okay, I'm used to misunderstanding things. (: However, the only
real solution to the problem atm is to log, communicate, and prosecute.
The problem with this is that there are so many different ways to
communicate with others about this problem, and, because of the spoofing,
it is very hard to find out who initiates the attack. And then there's
the issue of responsibility. If I leave my systems all insecure and they
are hacked and used in a DDoS, am I liable? What if my system/network was
compromised by a bug not known/patched? Am I still liable? What if I
don't log all the things needed to catch/prosecute someone? Am I liable?
And last, but not least, how can I capitalize on this? -wink-
C

On Thu, 24 Feb 2000, Stephen D. Williams wrote:

> Manoj Kasichainula wrote:
>
> > On Thu, Feb 24, 2000 at 11:16:04AM -0500, John Klassa wrote:
> > > Instead, Microsoft suffered what Sohn called a ``syn-flood'' attack
> > > that disrupts communication between a PC and the Web site server so
> > > that the server continually sends requests asking for the visiting
> > > computer's identification, devouring its processing capacity.
> >
> > I don't know the technical details (sigh; first step to becoming a
> > manager), but aren't there already pretty effective workarounds to
> > work around SYN floods? I know that I was able to enable SYN cookies
> > and RST cookies to alleviate the problem more than 3 years ago.
> >
> > If so, what's the big deal?
>
> Yes, Linux for instance supports SYN cookies that completely eliminate the
> problem. Packets will be responded to once and then forgotten.
>
> The other recent attacks were not SYN flood related AFAIK.
>
> sdw
>
> --
> Insta.com - Revolutionary E-Business Communication
> sdw@insta.com Stephen D. Williams Senior Consultant/Architect http://sdw.st
> 43392 Wayside Cir,Ashburn,VA 20147-4622 703-724-0118W 703-995-0407Fax Jan2000
>
>
>

Cynthia J. Dale
Technical Engineer/FAQ maintainer
Red Hat, Inc.

fnord.



This archive was generated by hypermail 2b29 : Thu Feb 24 2000 - 16:16:24 PST