[4296] in North American Network Operators' Group
Re: SYN floods continue
daemon@ATHENA.MIT.EDU (Avi Freedman)
Wed Sep 11 13:13:48 1996
From: Avi Freedman <freedman@netaxs.com>
To: jtk@nap.net (Joseph T. Klein)
Date: Wed, 11 Sep 1996 13:11:03 -0400 (EDT)
Cc: jon@branch.com, alexis@panix.com, nanog@merit.edu
In-Reply-To: <199609111604.LAA24176@Bluebill.nap.net> from "Joseph T. Klein" at Sep 11, 96 11:04:18 am
> > I don't know, but since nobody else seems to either, how about a
> > router box that detects excessive SYN activity and then automatically
> > blocks that ip address for awhile? I suppose it just means that
> > the attacker has to vary the source address rapidly.
> >
> If they modulate the phasers we just need to modulate the sheilds. :-O
>
> If someone comes up with a good solution we will be glad to impliment it.
> --
> /*Joseph T. Klein * Keep Cool, but Don't Freeze
> * NAP.NET, LLC *
> * phone +1 414 747-8747 * - Hellman's Mayonnaise
> * http://www.nap.net */
Well, it's a good analogy (modulating the phasers).
But they're *randomizing* the phasers...
Avi
