[4193] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (Racer X)
Tue Aug 27 01:51:26 1996
Date: Tue, 27 Aug 1996 00:12:06 -0400 (EDT)
From: Racer X <shagboy@wspice.com>
Reply-To: shagboy@bluesky.net
To: Eric Schenk <schenk@cs.toronto.edu>
cc: linux-net@vger.rutgers.edu
In-Reply-To: <96Aug25.133627edt.15387@dvp.cs.toronto.edu>
On Sun, 25 Aug 1996, Eric Schenk wrote:
> Also, I'm not sure I'd want to see such heuristics as part of the kernel.
> If we can figure out a way to deal with this in user space, then it
> may be worth a try.
Do it the same way ipfwadm does it. Allow there to be specific rules
concerning what's allowed from where, and time restrictions (for
instance, no more than 10 connects in 5 seconds or 20 in 1 minute from
any one host). The only changes needed in the kernel are the hooks to
set these parameters (and of course, to check them).
> In the end, I don't see how Denial of Service attacks can be prevented.
> All we can hope to do is to make the attacker traceable so they can be
> held accountable. IPV6 should help with this somewhat.
This is a possible solution, at least for now. It's something everyone
can do on their own, and not have to worry about someone higher up
protecting them. I think we can at least do SOMETHING for now about
denial of service type attacks.
shag
Judd Bourgeois | When we are planning for posterity,
shagboy@bluesky.net | we ought to remember that virtue is
Finger for PGP key | not hereditary. Thomas Paine