[4394] in linux-net channel archive


SYN spoofing attacks

daemon@ATHENA.MIT.EDU (Alan Cox)
Sun Sep 15 11:42:16 1996

Date: 	Sun, 15 Sep 96 14:03 BST
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
To: linux-net@vger.rutgers.edu
Cc: jos@xos.nl


One more idea to throw into the can for bigger sites would be to look
at modifying the masquerading code so a front end box can sit and
wait for SYN SYN|ACK ACK transitions then pass the connection request through
to the real host and bend the sequence numbers. That way you can have one
box with a lot of RAM that does nothing but hold connections and expire
them appropriately. Such a box could, if designed right, also shield other
non-Linux systems.

Any thoughts, Jos?

Alan
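
The sequence-number "bending" described in the message above, as an added example that is not part of the original post and not taken from the Linux masquerading code. The struct, the function names and the idea that the front end reuses the client's ISN when it opens the connection to the real host are assumptions made for illustration.

```c
#include <stdint.h>

/* Per-connection state held by the hypothetical front-end box. */
enum px_state { PX_SYN_RCVD, PX_ESTABLISHED };

struct px_conn {
    enum px_state state;
    uint32_t client_isn;  /* ISN from the client's SYN */
    uint32_t proxy_isn;   /* ISN the proxy chose for its own SYN|ACK */
    uint32_t delta;       /* proxy_isn - server_isn, mod 2^32 */
};

/* Client SYN seen: the proxy answers SYN|ACK itself; the real host sees nothing yet. */
void px_on_client_syn(struct px_conn *c, uint32_t client_isn, uint32_t proxy_isn)
{
    c->state = PX_SYN_RCVD;
    c->client_isn = client_isn;
    c->proxy_isn = proxy_isn;
    c->delta = 0;
}

/* Client's final ACK: valid only if it acknowledges proxy_isn + 1.
   Returns 1 if the proxy should now open the connection to the real host. */
int px_on_client_ack(const struct px_conn *c, uint32_t seq, uint32_t ack)
{
    return c->state == PX_SYN_RCVD &&
           seq == c->client_isn + 1 && ack == c->proxy_isn + 1;
}

/* Real host's SYN|ACK arrived: record the offset between the two sequence spaces. */
void px_on_server_synack(struct px_conn *c, uint32_t server_isn)
{
    c->delta = c->proxy_isn - server_isn;  /* unsigned wraparound is intended */
    c->state = PX_ESTABLISHED;
}

/* Server -> client: shift seq into the space the client already accepted. */
uint32_t px_seq_to_client(const struct px_conn *c, uint32_t server_seq)
{
    return server_seq + c->delta;
}

/* Client -> server: shift ack back into the real host's sequence space. */
uint32_t px_ack_to_server(const struct px_conn *c, uint32_t client_ack)
{
    return client_ack - c->delta;
}
```

Only entries that reach PX_ESTABLISHED cost the real host anything; half-open entries that never see a valid ACK are the ones the front end holds and expires.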
