[4195] in linux-net channel archive


Re: SYN floods

daemon@ATHENA.MIT.EDU (Martin Mares)
Tue Aug 27 04:24:25 1996

From: Martin Mares <mj@k332.feld.cvut.cz>
To: shagboy@bluesky.net
Date: Tue, 27 Aug 1996 10:08:28 +0200 (MET DST)
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <Pine.LNX.3.91.960827000848.2057F-100000@cirrus.bluesky.net> from "Racer X" at Aug 27, 96 00:12:06 am

Hi,

> Do it the same way ipfwadm does it.  Allow there to be specific rules 
> concerning what's allowed from where, and time restrictions (for 
> instance, no more than 10 connects in 5 seconds or 20 in 1 minute from 
> any one host).  The only changes needed in the kernel are the hooks to 
> set these parameters (and of course, to check them).

   It doesn't solve the problem -- you can simply circumvent these
host-based restrictions by using _random_ source addresses for the attack.

    Martin
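A defender-side simulation of the two positions in this exchange, added here as an example and not part of the original thread: a sliding-window per-source SYN limit of the kind the quoted message proposes (10 connects in 5 seconds, the figures quoted above), run over constructed SYN arrival events, next to an aggregate SYN-rate check that does not depend on the source address at all. Nothing is sent on the wire; the code only processes (timestamp, source) tuples. The `PerSourceSynLimiter` class, the address ranges, the aggregate threshold and the traffic generators are all assumptions made for illustration.

```python
import random
from collections import deque


class PerSourceSynLimiter:
    """Sliding-window limit per source address (hypothetical, modelled on the
    quoted proposal): at most `limit` SYNs from one address per `window` seconds."""

    def __init__(self, limit=10, window=5.0):
        self.limit = limit
        self.window = window
        self.history = {}  # source address -> deque of accepted SYN timestamps

    def allow(self, src, now):
        q = self.history.setdefault(src, deque())
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def run_syns(limiter, syns):
    """Feed (timestamp, src) events through a limiter; return (accepted, rejected)."""
    accepted = rejected = 0
    for ts, src in syns:
        if limiter.allow(src, ts):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


def aggregate_syn_rate_exceeded(syns, threshold=50, window=5.0):
    """Source-independent check: True if more than `threshold` SYNs arrive
    within any `window`-second span, whatever addresses they claim."""
    q = deque()
    for ts, _src in sorted(syns):
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            return True
    return False


# --- constructed sample traffic (not captured data) ---

def single_source_burst(n=100, duration=5.0, src="192.0.2.10"):
    """n SYNs spread over `duration` seconds, all from one documentation address."""
    return [(i * duration / n, src) for i in range(n)]


def random_source_burst(n=100, duration=5.0, seed=1):
    """The same burst, but every SYN carries a distinct (spoofed) source address,
    which is Martin's objection to per-host rules."""
    rng = random.Random(seed)
    addrs = rng.sample(range(1, 1 << 32), n)
    return [(i * duration / n, ".".join(str((a >> s) & 0xFF) for s in (24, 16, 8, 0)))
            for i, a in zip(range(n), addrs)]


def normal_traffic(n=20, duration=60.0, seed=2):
    """Light legitimate load: 20 SYNs in a minute from a handful of hosts."""
    rng = random.Random(seed)
    return [(i * duration / n, f"203.0.113.{rng.randrange(1, 50)}") for i in range(n)]


if __name__ == "__main__":
    for name, traffic in (("single source", single_source_burst()),
                          ("random sources", random_source_burst()),
                          ("normal", normal_traffic())):
        per_host = run_syns(PerSourceSynLimiter(10, 5.0), traffic)
        agg = aggregate_syn_rate_exceeded(traffic)
        print(f"{name:15s} per-host (accepted, rejected)={per_host}  aggregate flagged={agg}")
```

Running it shows the per-host rule stopping the single-source burst after ten SYNs while letting the same burst through untouched when each SYN claims a different address; the aggregate check flags both bursts and leaves the light traffic alone. The practical lesson for a detection rule is the one Martin gives: keying on source address only holds when the source cannot be forged, so a SYN-flood alarm should also watch the total SYN or half-open rate.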
