From Fri Sep 20 11:42:29 1996
From: Michael Dillon <>
To: nanog@MERIT.EDU
Subject: Re: SYN floods

> The most important point is that if we all decide that defense and tracing
> are of limited utility and that filtering is the only way to stop these
> attacks, then we need a few people who read the nanog and iepg lists
> to stand up and say "I will filter and I expect you to do the same if you
> want to peer with me." Otherwise, it will be difficult for any single ISP
> to justify being the first to install peripheral filtering. We must have
> a consensus to move on this issue. Call it "peer pressure".  :-)

You can also frighten people like so...

Copyright 1996 by Michael Dillon, All Rights Reserved

By now everyone is well aware of the exploits of the legendary hacker
Kevin Mitnick who broke into computers at the San Diego Supercomputer
Center administered by Tsutomu Shimomura by using a couple of techniques
known as source spoofing and SYN flooding. But few people are aware that
these techniques have now been mastered by many other hackers estimated to
be 20,000 strong in the USA alone. And surprisingly, few Internet sites
have protected themselves from such attacks by installing simple source
address filters on their routers. A variation on this type of attack shut
down a New York ISP for hours at a time over a four day period early in

Anyone responsible for any services connected to the Internet should see
to it that basic source address filters are installed in their routers.
These filters will ensure that no packets can enter your network
pretending to be from a trusted machine inside your network. And they will
prevent packets from leaving your network unless they have proper local
source addresses on them. The incoming filters will protect you from
external spoofing attacks by hackers while the outgoing filters will
ensure that you cannot be used as a launching board for hacker attacks and
thus protect you from legal liability.

-----------------end of sample---------

Add some technical details on how to implement source address filtering
and you will get LOTS of sites to install these filters. The copyright
notice is up there because I intend to approach various magazine editors
regarding an article on the subject. But if somebody wants to take a
similar approach on a web page or a mailing list or at LISA or at NANOG or
wherever, I think this is an effective angle to take. You know what they
say; most people don't get the message until they read something for the

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049             -               E-mail:

Last modified