Date:      Fri, 13 Sep 1996 09:42:44 +0900 (JST)
From:      Michael Hancock <michaelh@cet.co.jp>
To:        Darren Reed <avalon@coombs.anu.edu.au>
Cc:        Terry Lambert <terry@lambert.org>, fenner@parc.xerox.com, karl@mcs.net, freebsd-hackers@freebsd.org, koshy@india.hp.com
Subject:   Re: SYN Resisting (fwd)
Message-ID:  <Pine.SV4.3.93.960913093258.26980B-100000@parkplace.cet.co.jp>
In-Reply-To: <199609122320.QAA11411@freefall.freebsd.org>

On Fri, 13 Sep 1996, Darren Reed wrote:

> > Other than that, I was a little peeved at blaming the US with the blanket
> > statement that the loss was on the US end of things.  Ignoring perfectly
> > valid source quench requests (from *non*-ICMP ATM routers) is only one
> > of the possibilities that could be considered before calling everyone
> > managing NSP in the US incompetent.
> 
> I think that some people are unaware of congestion at/in points such as
> their West Coast (i.e. LA/Bay Area) where multiple, full, pipes start
> for international destinations.

IIJ has a T3 into Mae-west and another one into NY-NAP.
 
> On the other hand, our local telco is probably no better than Sprint/MCI.
> 
> I suspect that most NSP's in the USA don't provide international access.

MCI and ATT WorldNet each have a T3 link to Japan.

> The point being, when your network is all peachy from end to end, having
> low timeouts is (maybe) acceptable, but when your endpoints are in
> diverse locations and throughput is not 100%, who is really winning?

The ones that can throw money at it.

> If the attacker is trying to cause denial of service, then it may be
> achieved by the other end when they make it harder for real users to
> connect quick enough.
> 
> To my thinking, this is a silly solution (but a reasonable patch for the
> sysctl :) to the SYN problem.  The problem must and can only be fixed
> with correct filtering by all ISPs so long as we use the current IP.

I'm not sure what's easier, to get all ISP's to do correct filtering or to
get everyone to move to a new IP.

Regards,


Mike Hancock



