HP3000-L Archives

September 1996, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Bruce Toback <[log in to unmask]>
Reply To: Bruce Toback <[log in to unmask]>
Date: Tue, 17 Sep 1996 06:31:00 -0700
Eric Schubert writes:
>If you put your HP behind a router that supports active filtering, like a
>CISCO router, you could "stop" an attack to your host by defining a filter
>right quick to deny access from the attacker's IP address point.  But this
>could escalate into a cat and mouse game and waste everybody's time.
>
>Any other suggestions?
 
Unfortunately, this does not work. The attack relies on spoofed source IP
addresses which are random, so there is no information on which a filter
can operate. The same characteristic makes it very difficult to trace the
source of an attack through the router network. The perpetrator's ISP
_may_ be able to foil the attack by filtering, but that won't work if the
perpetrator has a direct backbone connection, say at a university or a
large company -- or at an ISP. But once the packets are in the Internet,
there's no way to separate them from legitimate traffic.
 
I'm trying one particular fix in Linux that should mitigate the problem,
but I'm reluctant to give details on the newsgroup. Whether this works,
and whether HP will incorporate the same sort of thing, remains to be
seen.
 
I'm normally very liberal on social issues, but in this case, if the
process of apprehending the individual responsible for this attack
somehow resulted in the removal of his fingers, I would have difficulty
finding the time in my busy schedule to raise any kind of a protest. I
have better things to do than diddle network code.
 
-- Bruce
 
 
--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
[log in to unmask]                   |     -- Edna St. Vincent Millay
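
Added example, not part of the original message: a small Python simulation of the argument above, comparing a victim-side deny list against traffic with a fixed source and against traffic with a random spoofed source per packet, and then a source-address check at the originating ISP. All addresses, the prefix and the function names are constructed for illustration, and the ISP filter is assumed to be a check of each packet's source against the customer's assigned prefix.

```python
import ipaddress
import random

# Constructed value: the address range the originating ISP assigned to its customer.
CUSTOMER_PREFIX = ipaddress.ip_network("198.51.100.0/24")

def spoofed_sources(n, seed=1996):
    """Constructed attack traffic: n packets, each with a random 32-bit source."""
    rng = random.Random(seed)
    return [str(ipaddress.ip_address(rng.getrandbits(32))) for _ in range(n)]

def reactive_deny_list(packets, react_after=1):
    """Victim-side filter: deny a source once it has been seen react_after times.

    Returns (packets that reached the host, number of deny rules created).
    """
    seen, passed = {}, 0
    for src in packets:
        if seen.get(src, 0) >= react_after:
            continue  # a deny rule for this source already exists
        seen[src] = seen.get(src, 0) + 1
        passed += 1
    return passed, len(seen)

def isp_source_check(packets, customer_prefix=CUSTOMER_PREFIX):
    """Filter at the originating ISP: forward a packet only if its source
    address lies inside the prefix assigned to that customer."""
    return sum(1 for src in packets
               if ipaddress.ip_address(src) in customer_prefix)

if __name__ == "__main__":
    n = 10_000
    fixed = ["198.51.100.7"] * n   # attacker using one real address
    spoofed = spoofed_sources(n)   # attacker using random spoofed addresses

    print("fixed source, victim deny list  :", reactive_deny_list(fixed))
    print("random sources, victim deny list:", reactive_deny_list(spoofed))
    print("random sources, ISP source check:", isp_source_check(spoofed),
          "of", n, "forwarded")
```

With a fixed source the deny list stops everything after the first packet; with random sources almost every packet arrives from an address never seen before, so the list grows by one rule per packet and blocks essentially nothing.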
