[4247] in North American Network Operators' Group
Re: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Vektor Sigma)
Mon Sep 9 21:30:57 1996
Date: Mon, 9 Sep 1996 21:29:34 -0400 (EDT)
From: Vektor Sigma <ae687@freenet.carleton.ca>
To: nanog@merit.edu
In-Reply-To: <199609091719.NAA24855@jekyll.piermont.com>
On Mon, 9 Sep 1996, Perry E. Metzger wrote:
> I think it's time for the larger providers to start filtering packets
> coming from customers so that they only accept packets with the
> customer's network number on it.
>
> Yes, it's a load on routers. Yes, it's nasty for the mobile IP weenies.
> Unfortunately, the only known way to stop this.
On my private network I can send 600 or more SYN packets to my telnet port
(w/faked, unreachable source addresses + random seq numbers), yet the
port doesn't seem to be flooded.
It's a Linux box.
The telnet daemon seems to be able to tell the difference between a faked
packet and a real one. Even when spoofing from localhost, it reports a
connection from unknown.
Obviously, there seems to be a solution to this problem. ??
--
Billy Biggs
Ottawa, Canada
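The two mechanisms under discussion, a provider-edge filter that accepts only packets sourced from the customer's own prefix and the finite half-open table that a flood of SYNs with unreachable source addresses fills up, as an added Python simulation that is not part of this thread; the customer prefix, the spoofed source range, the backlog size and the timeout are constructed values.

```python
import ipaddress
from collections import OrderedDict

# Hypothetical prefix the provider assigned to this customer (constructed).
CUSTOMER_PREFIX = ipaddress.ip_network("192.0.2.0/24")

def ingress_permitted(src_ip, customer_prefix=CUSTOMER_PREFIX):
    """Edge filter: a packet arriving on the customer-facing interface must
    carry a source address from the customer's own prefix, else it is dropped."""
    return ipaddress.ip_address(src_ip) in customer_prefix

class SynBacklog:
    """Half-open connection table with a fixed number of slots. A SYN holds a
    slot until the handshake completes or the entry times out; a spoofed,
    unreachable source never answers the SYN-ACK, so its slot only times out."""
    def __init__(self, size, timeout_ticks):
        self.size, self.timeout = size, timeout_ticks
        self.pending = OrderedDict()  # (src, sport) -> expiry tick
        self.dropped = 0              # SYNs refused because the table was full

    def expire(self, now):
        for key in [k for k, exp in self.pending.items() if exp <= now]:
            del self.pending[key]

    def on_syn(self, src, sport, now):
        self.expire(now)
        if len(self.pending) >= self.size:
            self.dropped += 1
            return False
        self.pending[(src, sport)] = now + self.timeout
        return True

    def on_ack(self, src, sport):
        # Only a real, reachable peer ever gets here and frees its slot.
        return self.pending.pop((src, sport), None) is not None

def run_flood(filtered, spoofed_syns=600, backlog=128, timeout=75):
    """Replay a constructed burst of SYNs with off-prefix (spoofed) sources,
    followed by one legitimate customer SYN. Returns (legitimate SYN accepted,
    SYNs that reached the host, SYNs the host refused for lack of a slot)."""
    table, reached, legit_ok = SynBacklog(backlog, timeout), 0, False
    syns = [(f"203.0.113.{i % 256}", 1024 + i) for i in range(spoofed_syns)]
    syns.append(("192.0.2.10", 40000))  # the real customer host, sent last
    for src, sport in syns:
        if filtered and not ingress_permitted(src):
            continue  # dropped at the provider edge, never reaches the host
        reached += 1
        legit_ok = table.on_syn(src, sport, now=0)
    return legit_ok, reached, table.dropped
```

Without the edge filter every spoofed SYN lands in the backlog and the real customer's SYN is refused; with it, only the in-prefix SYN reaches the host.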