1996-09-12 - Re: PANIX.COM down: denial of service attack

Header Data

From: Duncan Frissell <frissell@panix.com>
To: cypherpunks@toad.com
Message Hash: 94dab28f9b8647e64c39098a6b96b04b4041ac651c98c76b1a8168febdda8313
Message ID: <2.2.32.19960912182630.008b6324@panix.com>
Reply To: N/A
UTC Datetime: 1996-09-12 21:55:20 UTC
Raw Date: Fri, 13 Sep 1996 05:55:20 +0800

Raw message

From: Duncan Frissell <frissell@panix.com>
Date: Fri, 13 Sep 1996 05:55:20 +0800
To: cypherpunks@toad.com
Subject: Re: PANIX.COM down: denial of service attack
Message-ID: <2.2.32.19960912182630.008b6324@panix.com>
MIME-Version: 1.0
Content-Type: text/plain

Here are the gory details from the first MOTD last Saturday:

               The attacker is forging random source addresses on his
               packets, so there is no way to find his/her location. There
               is also no way to screen out those packets with a simple
               router filter.

               This is probably the most deadly type of denial-of-service
               attack possible. There is no easy or quick way of dealing
               with it. If it continues into Saturday we will start working
               on kernel modifications to try to absorb the damage
               (since there's absolutely no way to avoid it). This
               however will not be an easy job and it could take days to
               get done (and get done right).

               For those who are IP hackers, the problem is that we're
               being flooded with SYNs from random IP addresses on
               our smtp ports. We are getting on average 150 packets
               per second (50 per host).

               We are not the only site being attacked in this way. I
               know of one other site that is being attacked in an
               identical manner right now, and I know of three others
               that have been attacked in the last two weeks. I hope that
               this means that the attacker is merely playing malicious
               games, and will soon tire of molesting our site. If that is
               the case, mail will come back up as soon as the attack
               ends. But if the attacker is really interested in damaging
               Panix specifically, the attack may *never* stop and
               service won't be restored until we can write kernel
               modifications.

Since then the packet streams have hit almost all the ports for news, www,
telnet, etc.

DCF
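Added example, not part of the original post or of Panix's own kernel work: a small detector for the pattern the MOTD describes, a high rate of bare SYNs to one port from almost entirely distinct (forged) source addresses, run over constructed packet records; the record layout, thresholds and addresses are assumptions.

```python
from collections import defaultdict
import random

# Packet records are constructed for this example: (timestamp_s, src_ip,
# dst_ip, dst_port, flags) with "S" = bare SYN, "A" = ACK, "SA" = SYN/ACK.

def syn_flood_report(packets, window=1.0, syn_rate=50, unique_ratio=0.9):
    """Return {(dst_ip, dst_port): details} for each (host, port) whose
    bare-SYN rate in some `window`-second bucket exceeds `syn_rate` while
    nearly every SYN comes from a different source (ratio > unique_ratio).
    Real clients repeat sources (retransmits, second connections); a flood
    with forged random sources shows almost every SYN from a new address,
    which is why a per-source router filter cannot stop it."""
    buckets = defaultdict(list)  # (bucket, dst_ip, dst_port) -> [src_ip]
    for ts, src, dst, dport, flags in packets:
        if flags == "S":  # SYN/ACK replies from the victim do not count
            buckets[(int(ts // window), dst, dport)].append(src)
    report = {}
    for (bucket, dst, dport), sources in buckets.items():
        rate = len(sources) / window
        ratio = len(set(sources)) / len(sources)
        if rate > syn_rate and ratio > unique_ratio:
            prev = report.get((dst, dport))
            if prev is None or rate > prev["peak_syn_per_s"]:
                report[(dst, dport)] = {"peak_syn_per_s": rate,
                                        "unique_src_ratio": round(ratio, 3),
                                        "first_bucket": bucket}
    return report

def constructed_capture():
    """Constructed traffic: a few real SMTP clients talking to 192.0.2.1,
    and 150 SYN/s (the MOTD's figure) from forged sources at 192.0.2.2."""
    rng = random.Random(1996)  # fixed seed keeps the sample reproducible
    pkts = []
    for i in range(40):  # legitimate: four hosts, each SYN followed by ACK
        pkts.append((i * 0.5, f"10.0.0.{i % 4}", "192.0.2.1", 25, "S"))
        pkts.append((i * 0.5 + 0.1, f"10.0.0.{i % 4}", "192.0.2.1", 25, "A"))
    for i in range(3000):  # flood: 20 s at 150 pps, random source address
        src = ".".join(str(rng.randrange(1, 255)) for _ in range(4))
        pkts.append((i / 150, src, "192.0.2.2", 25, "S"))
    return pkts

if __name__ == "__main__":
    for (dst, port), info in syn_flood_report(constructed_capture()).items():
        print(f"{dst}:{port} SYN flood suspected: {info}")
```

A burst of SYNs that all share one source is not flagged, since the unique-source ratio stays low; only the forged-random-source signature trips both conditions.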