[4188] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (babydr)
Sun Aug 25 14:53:03 1996
Date: Sun, 25 Aug 1996 11:44:45 -0700 (PDT)
From: babydr <babydr@nwrain.net>
Reply-To: babydr <babydr@nwrain.net>
To: Olaf Titz <olaf@bigred.inka.de>
Cc: "Linux Network Info. List" <linux-net@vger.rutgers.edu>
In-Reply-To: <dwp09f.i89@bigred.inka.de>
On 25 Aug 1996, Olaf Titz wrote:
> <nelson@crynwr.com> wrote:
> [Filtering excessive SYNs]
> > > I have an even better idea - rather than rely on the vendors, let's put it
> > > in the Linux IP code. (I do agree with you that the vendors SHOULD do
> > > that, but I don't really think they're going to)
> > Linux is not used as a router by too many people.
>
> No, put it in the Linux code for the benefit of the targets of such attacks.
>
Olaf, & many others, it would be much goodness if even a
small portion of your time would be placed on tools to be
able to trace these back to near their sources.
If this is a FAQ I'll gladly head straight for it.
I am aware much of your(s) time is taken up with
bigger issues which many others are waiting to hear
from you about.
Yes, I am aware that the trace is at least as bad as the
original attack. At my present employer we have been
snagged by a couple of these & have not had a chance to
bring to bear what small tools we have before the offender
has left existence, & the logfiles are spotty at best on
these kinds of attacks.
Tnx, JimL