[4292] in North American Network Operators' Group
Re: SYN floods continue
daemon@ATHENA.MIT.EDU (Joseph T. Klein)
Wed Sep 11 12:10:35 1996
From: "Joseph T. Klein" <jtk@nap.net>
To: jon@branch.com (Jon Zeeff)
Date: Wed, 11 Sep 1996 11:04:18 -0500 (CDT)
Cc: alexis@panix.com, nanog@merit.edu
In-Reply-To: <m0v0pK7-000NjGC@aero.branch.com> from "Jon Zeeff" at Sep 11, 96 09:27:22 am
>
>
> I don't know, but since nobody else seems to either, how about a
> router box that detects excessive SYN activity and then automatically
> blocks that ip address for awhile? I suppose it just means that
> the attacker has to vary the source address rapidly.
>
> > Anyway. Point is this: We can't take too much more of this, nor can our
> > customers. I have yet to hear *anyone* come up with any ideas even remotely
> > reasonable for how to deal with this situation, long term, except for the
>
>
If they modulate the phasers we just need to modulate the sheilds. :-O
If someone comes up with a good solution we will be glad to impliment it.
--
/*Joseph T. Klein * Keep Cool, but Don't Freeze
* NAP.NET, LLC *
* phone +1 414 747-8747 * - Hellman's Mayonnaise
* http://www.nap.net */