[4252] in linux-net channel archive


Re: SYN floods

daemon@ATHENA.MIT.EDU (Alex.Bligh)
Sat Aug 31 11:17:23 1996

To: Henry W Miller <mill0440@gold.tc.umn.edu>
cc: linux-net@vger.rutgers.edu
In-reply-to: Your message of "Fri, 30 Aug 1996 20:11:46 CDT."
             <Pine.SOL.3.91.960830200116.8456A-100000@gold.tc.umn.edu> 
Date: 	Sat, 31 Aug 1996 15:50:29 +0100
From: "Alex.Bligh" <amb@xara.net>

> After some thought I think that this would provide some relief:  on 
> receiving any syn, handle it normally, but also send a series of ICMP 
> pings to the host.  If after a short amount of time no pings come back 
> assume the host is dead, and kill the connection.  In theory a ping should 
> get through quickly, so we at least know there is a valid host behind 
> this ip address.  

AFAIK some hosts have ICMP Echo filtered out upstream in order
to try and escape flood ping attacks.

Alex Bligh
Xara Networks



