Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: how to protect name servers against cache corruption

  • From: Jon Lewis
  • Date: Sat Aug 02 23:53:14 1997

On Thu, 31 Jul 1997, Thomas H. Ptacek wrote:

> > MAE's) you can do it with impunity and effectively knock entire ISP's off
> > the internet.
> 
> I'm unaware of any attacks occurring now that do not leverage superior
> bandwidth (ie, ping flooding from a DS3 a DS1 circuit) that are not
> addressed in some manner at an operating system or user level. 

Many educational institutions have greater than T1 bandwidth to the net,
and these seem to be the easiest places for anyone to just walk in and get
ethernet access (with no authentication) to a T1 or better, and proceed to
wreak havoc on the net. 

I'd wager I could walk into a computer lab at the local university, and
using either windows tools or linux on a floppy, do incredibly destructive
things without being caught...probably without being noticed...assuming
they do no filtering of traffic (based on source address) leaving their
network, and assuming I don't sit there indefinitely.

> This is not a valid answer. People who think that the entire Internet can
> be globally configured to prevent packet forgery from occurring in the
> first place are deluding themselves, and I think we, as Internet

Can or will?  If there are reasons the entire net cannot be made IP source
address forgery safe, enlighten me.  I don't disagree that the likelyhood
of this actually happening are right up there with me being declared
Emperor of the US next week, but just because total success is highly
improbable doesn't mean resistance is futile.

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
________Finger jlewis@inorganic5.fdt.net for PGP public key_______





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.