North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: SYN attack makes NandO Times as well...
Michael A. Patton put this into my mailbox: > > The NandO Times also has an article, from The Associated Press, on this. It was all over the news radio stations in the San Francisco Bay Area this morning, as well. Far be it from me to complain, but it has been going on for a week now. I've been silently reading the debates on how to find it, what to do to prevent it, etc. etc. I've been led to understand that one simply needs to set up some small temporary filters in each router, find the interface the packets enter from, and go onto the next router from there. This is where my greenery shows. I've never configured a router before, don't know a thing about BGP, and have no practical knowledge beyond what I've seen here on finding out how to trace something like this. But I would think that tracing something like this and finding the culprit shouldn't take more than a day or so - trace back through the path from which a majority of packets destined for panix.com originate and find the guy. What this leads me, a somewhat technical person but nowhere near as knowledgeable as most denizens of this list, to believe is that somehow the intermediate providers are playing politics of some sort and are refusing to help each other, or are assigning this a low priority. I honestly don't mean to insult or offend anyone - for all I know, everyone here could be spending all their time looking for the culprit. But from that AP article, and from everything I've heard, everyone's just talking about it and wincing at poor Panix. I hesitate to think what might happen if I became the victim of a SYN flood like this. Perhaps someone could set me straight about what's going on - or am I dead on about the Tier 1's not cooperating with Panix and giving this a high priority? (as I believe it should be given - it's been going on for a bloody week now.) And if it is politics, maybe someone'll listen to this: Lucent Technologies and CERT (as is right) are getting the limelight for this - wouldn't it be great publicity if your company was the provider or one of the providers that traced this down and caught the guy? I'd like to think cooperation among internetizens- even if they're competitors- is still very much alive. I hope I'm not just being idealistic. -dalvenjah Dalvenjah FoxFire, the Teddy Dragon (also known as Sven Nielsen to some :) firstname.lastname@example.org --- dalvenjah on IRC Remember: if you're not on DALnet, you're on the wrong IRC server!! (/serv irc.dal.net 7000 or telnet telnet.dal.net to try it out) -- ____ _ _ _ "I had the dagger in my hand, and he has | _ \ __ _| |_ _____ _ _ (_)__ _| |_the indecency to start dying on his own!" | |_) / _` | \ V / -_) ' \ | / _` | ' \ --Ambassador G'kar, Babylon 5 |____/\__,_|_|\_/\___|_||_|/ \__,_|_||_| FoxFire -- email@example.com -- (SN90) |__/ - - - - - - - - - - - - - - - - -