[4109] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (Lefty)
Tue Aug 20 12:26:47 1996
Date: Tue, 20 Aug 1996 15:10:15 GMT
From: lefty@sliderule.geek.org.uk (Lefty)
To: alan@cymru.net, nelson@crynwr.com
Cc: linux-net@vger.rutgers.edu
> What is supposed to solve it is that a) any competent provider and
> backbone providers links should be filtering frames with a bogus source
> address and b) because of that you know where the frames really came
> from.
Well, I dont think that this is the total solution.. All a Syn flooder
requires is a valid routable address with no machine atached to it..
while 1.2.3.4 works, you will prolly get a host unreachable or network
unreachable, which will kill the connect.. However how many ISP's have
dynamic IP's that arent in use? It would be very easy for me to find
a couple and syn flood from that, how would a provider know to block those
IP's? And with the new small almost clueless new ISP's that are going
up, its not conceivable that the provider can block their own addrs as that
isnt a default install..
