Re: The "Mac DoS Attack," a Scheme for Blocking Internet

From: der Mouse (mouseat_private)
Date: Thu Dec 30 1999 - 11:00:49 PST

    > [...new(?) smurf-style DoS attack...]
    
    > Prevention
    > [...]
    > The Internet Service Providers (ISPs) must take action to drop long
    > ICMP packets in the backbone networks (any packet longer than 1499
    > bytes, at least).
    
    This strikes me as a very bad idea.  It's rather like saying, NFS can
    be used to attack insecure machines, so let's block NFS packets on
    long-haul links: yes, it's true that such attacks are possible, but the
    facility is useful and the *correct* thing to do is to secure the
    insecure machines, not break the (useful) underlying facility for
    everyone else.  (Rather like the SSRR and LSRR IP options, though I
    realize *that* fight was in practice lost long ago.)
    
    					der Mouse
    
    			       mouseat_private
    		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:25:11 PDT