spring.net — live bbs — text/plain

Is the net grinding to a halt? netlag and worse

topic 9 · 7 responses
~terry Sun, Sep 22, 1996 (20:46) seed
Is the net slowing to a crawl? If so, is it because of increasingly heavy traffic or misuse of bandwidth by bandwidth-hogging technologies? Will the net come to a standstill? What is being done to expand bandwidth and is it at a rate that can keep pace with growth?
~terry Sun, Sep 22, 1996 (20:49) #1
Panix, a major service in NYC, ground to a near halt recently and the following was posted on its motd (message of the day):

The attacker is forging random source addresses on his packets, so there is no way to find his/her location. There is also no way to screen out those packets with a simple router filter. This is probably the most deadly type of denial-of-service attack possible. There is no easy or quick way of dealing with it. If it continues into Saturday we will start working on kernel modifications to try to absorb the damage (since there's absolutely no way to avoid it). This however will not be an easy job and it could take days to get done (and get done right).

For those who are IP hackers, the problem is that we're being flooded with SYNs from random IP addresses on our smtp ports. We are getting on average 150 packets per second (50 per host).

We are not the only site being attacked in this way. I know of one other site that is being attacked in an identical manner right now, and I know of three others that have been attacked in the last two weeks. I hope that this means that the attacker is merely playing malicious games, and will soon tire of molesting our site. If that is the case, mail will come back up as soon as the attack ends. But if the attacker is really interested in damaging Panix specifically, the attack may *never* stop and service won't be restored until we can write kernel modifications. Scary stuff. We'll keep you posted.

This happened a couple of weeks ago.
~terry Sun, Sep 22, 1996 (20:52) #2
Laura Lemay explained it like this, actually one of her boyfriends explained it to her and she passed this along:

"You can't block forged packets at the router, he says, but you can hack with the TCP stack (in the kernel) so that the machine will absorb them better. He explained it to me like this: TCP stacks have basically a list of incoming TCP connections. When a connection is made, it gets a spot in the list. The TCP stack then handles each connection in parallel, either handling it or dropping it on the floor once it times out. By default, however, the timeout for incoming connections is 75 seconds. 99.999% of TCP connections are handled way faster than that. For most uses of TCP, that doesn't matter all that much because there are enough slots in the list to handle all the incoming connections.

With the Panix attack, because there are so many connections coming in at once, the slots in the list fill up, and each one is only emptied once every 75 seconds. You can't get a legitimate connection in to be processed. The solution, therefore, is to expand the list and to shorten the timeout. It won't stop the attack, but it'll make the machine better equipped to deal with it and ordinary requests more likely to get through."

- from Laura Lemay, well known author of books on Java and HTML
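
The queue behaviour described in post #2, as an added example that is not part of the original thread: a deterministic model of a fixed-size list of pending connections under a forged-SYN flood. The 50 SYNs per second per host and the 75-second timeout come from the posts above; the list sizes (128, 1024), the 10-second timeout, the legitimate load and the 150 ms handshake time are assumptions chosen for illustration.

```python
import heapq

def slots_needed(forged_per_s, timeout_s):
    """Slots the flood alone keeps occupied once the first entries start timing out."""
    return forged_per_s * timeout_s

def accepted_fraction(slots, timeout_s, forged_per_s=50, legit_per_s=5,
                      handshake_ms=150, duration_s=300):
    """Fraction of legitimate SYNs that find a free slot in the pending list."""
    end = duration_s * 1000  # all times in integer milliseconds
    # Forged SYNs never complete the handshake; legitimate ones do after handshake_ms.
    events = [(t, True) for t in range(0, end, 1000 // forged_per_s)]
    events += [(t, False) for t in range(7, end, 1000 // legit_per_s)]
    events.sort()
    pending = []  # min-heap of release times for half-open entries
    legit = accepted = 0
    for now, forged in events:
        # Drop entries that completed or timed out before this packet arrived.
        while pending and pending[0] <= now:
            heapq.heappop(pending)
        free = len(pending) < slots
        if free:
            hold = timeout_s * 1000 if forged else handshake_ms
            heapq.heappush(pending, now + hold)
        if not forged:
            legit += 1
            accepted += free
    return accepted / legit

# Constructed scenarios: (label, list size, timeout in seconds)
SCENARIOS = [
    ("small list, 75 s timeout", 128, 75),
    ("bigger list only", 1024, 75),
    ("shorter timeout only", 128, 10),
    ("bigger list and shorter timeout", 1024, 10),
]

if __name__ == "__main__":
    for label, slots, timeout_s in SCENARIOS:
        need = slots_needed(50, timeout_s)
        frac = accepted_fraction(slots, timeout_s)
        print(f"{label:34s} slots={slots:5d} flood holds {need:5d} "
              f"legit accepted={frac:.1%}")
```

In this model either change alone still leaves the list full, because the flood holds rate times timeout entries (3750 at 75 seconds, 500 at 10 seconds); legitimate connections get through only when the list is larger than that product.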
~terry Sun, Sep 22, 1996 (20:54) #3
And the bad news is that the software that sends SYN bombs is widely available on the net. It's menu driven: "A. Choose the site you want to SYN bomb". This may become a major problem on the net in weeks to come.
~terry Tue, Mar 3, 1998 (05:33) #4
Here's the answer:

I don't know if this fits the bill, but there used to be a venture-backed startup called nFX out of the MIT Media Lab that did something that could be construed to be "text-to-avatar" stuff. They had a technology that allowed an animator to create a "template" for a cartoon character by feeding the system several line drawings of it in various positions and specifying areas of it as nose, eyes, etc. Once you did that, then it would automatically generate animations based on textual commands (literally stage directions: "walk three steps to the left"). Had wonderful potential for the web, as the textual commands were very low bandwidth and pretty comprehensive. It seems is still alive.

And here's the question:

-----Original Message-----
From: Carol Curry [mailto:ccurry@poet.com]
Sent: Monday, March 02, 1998 7:04 PM
To: terry@www.spring.com
Subject: text to avatar

Terry,

Do you know of a product and/or company that does text to avatar translation? We're building an NT-based content management demo and we want to include this feature. Thanks for any help you can provide.

CKC
Carol Kay Curry
VP Marketing
POET Software
(650) 286-4640
ccurry@poet.com
~KitchenManager Tue, Mar 3, 1998 (05:50) #5
Wish I did...
~aschuth Thu, Nov 18, 1999 (23:39) #6
At least my current provider is slower than my last, ISDN or no ISDN.
~MarciaH Fri, Nov 19, 1999 (00:17) #7
I am regularly logged on at 49.333 bps