[4107] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Aug 20 05:39:18 1996
From: Alan Cox <alan@cymru.net>
To: nelson@crynwr.com
Date: Tue, 20 Aug 1996 09:47:37 +0100 (BST)
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <19960820033156.9524.qmail@ns.crynwr.com> from "nelson@crynwr.com" at Aug 20, 96 03:31:56 am
> SYN is if, when you respond to it, they respond back. So, not only
> does a SYN flood suck up your incoming connection, the only defense
> against it (that *I* can see) involves sucking up your outgoing
> connection with responses.
>
> Sounds like a problem that needs to be solved in user space.

What is supposed to solve it is that a) any competent provider and
backbone providers' links should be filtering frames with a bogus source
address and b) because of that you know where the frames really came
from.

A provider not filtering bogus source addresses deserves (IMHO) to go
down in flames in court as negligent if their failure to do this kind
of basic filtering for the good of the net as a whole causes problems.

Alan
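
Added example, not part of the original message or of any code from its author: a minimal model of the provider-edge source filtering described in the reply, showing both points (a) frames with a bogus source are dropped at the port they arrive on and (b) what gets through, and what gets dropped, is attributable to a known port. The port names, prefixes and sample frames are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed provider edge: customer-facing port -> prefixes assigned to it.
# Port names and prefixes are hypothetical (documentation address ranges).
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("203.0.113.0/28")],
}

def permit(port, src):
    """Forward a frame only if its source address lies inside a prefix
    assigned to the port it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    return any(addr in net for net in ASSIGNED.get(port, ()))

def filter_frames(frames):
    """Split (port, src, flags) frames into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for frame in frames:
        (forwarded if permit(frame[0], frame[1]) else dropped).append(frame)
    return forwarded, dropped

def drops_by_port(dropped):
    """Count dropped frames per arrival port. The port identifies where the
    frames really came from, whatever source address they claim."""
    return Counter(port for port, _src, _flags in dropped)

# Constructed sample traffic: (arrival port, claimed source, TCP flags).
SAMPLE = [
    ("cust-a", "192.0.2.10", "SYN"),     # inside cust-a's /25: forwarded
    ("cust-a", "10.1.2.3", "SYN"),       # not assigned to cust-a: dropped
    ("cust-a", "198.51.100.7", "SYN"),   # cust-b's space seen on cust-a: dropped
    ("cust-a", "203.0.113.200", "SYN"),  # outside every assigned prefix: dropped
    ("cust-b", "198.51.100.7", "SYN"),   # forwarded
    ("cust-b", "203.0.113.5", "ACK"),    # inside cust-b's /28: forwarded
    ("cust-c", "192.0.2.10", "SYN"),     # port with no assignment: dropped
]

if __name__ == "__main__":
    fwd, drp = filter_frames(SAMPLE)
    print(len(fwd), "forwarded;", dict(drops_by_port(drp)))
```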