[12934] in North American Network Operators' Group
Re: Syn flooding attacks
daemon@ATHENA.MIT.EDU (Vern Paxson)
Mon Oct 20 14:32:27 1997
To: Phil Howard <phil@charon.milepost.com>
Cc: paulo@br.global-one.net (Paulo Maffei), nanog@merit.edu
In-reply-to: Your message of Mon, 20 Oct 1997 12:09:11 PDT.
Date: Mon, 20 Oct 1997 11:08:27 PDT
From: Vern Paxson <vern@ee.lbl.gov>
> The router could discard the SYN, remembering it, and let pass the retry SYN
> that usually occurs with valid connections and does not with invalid ones.
This is no good - all the crackers have to do is modify their programs
to send two bogus SYNs, spaced apart, instead of just one.
Vern
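
A small model of the filter proposed in the quoted text and of the objection raised in the reply, added here as an illustration; it is not part of the original message. The 30-second memory, the 3-second retransmit interval and all addresses are assumptions, the traffic is constructed, and no packets are sent.

```python
"""Model of a 'drop the first SYN, pass the retry' router filter."""
from collections import namedtuple

# label is ground truth used only for scoring; a real router cannot see it
Syn = namedtuple("Syn", "t src sport dst dport label")


class FirstSynDropFilter:
    def __init__(self, max_age=30.0):
        self.max_age = max_age      # assumed: how long a dropped SYN is remembered
        self.seen = {}              # flow 4-tuple -> time of the dropped first SYN

    def allow(self, syn):
        key = (syn.src, syn.sport, syn.dst, syn.dport)
        first = self.seen.get(key)
        if first is not None and syn.t - first <= self.max_age:
            del self.seen[key]      # retry seen: forward it and forget the flow
            return True
        self.seen[key] = syn.t      # first sighting or expired entry: drop, remember
        return False


def run(events, **kw):
    """Return ({label: SYNs forwarded}, entries left in the filter table)."""
    f = FirstSynDropFilter(**kw)
    passed = {}
    for syn in sorted(events, key=lambda s: s.t):
        if f.allow(syn):
            passed[syn.label] = passed.get(syn.label, 0) + 1
    return passed, len(f.seen)


def constructed_traffic(retries):
    """Constructed sample: 5 real clients and 100 forged sources (retries + 1 SYNs each)."""
    dst, ev = "192.0.2.10", []
    for i in range(5):              # real stacks retransmit an unanswered SYN
        for t in (i, i + 3.0):
            ev.append(Syn(t, f"198.51.100.{i}", 40000 + i, dst, 80, "legit"))
    for i in range(100):
        for k in range(retries + 1):  # same forged 4-tuple repeated, 3 s apart
            ev.append(Syn(0.01 * i + 3.0 * k, f"203.0.113.{i}", 1024 + i, dst, 80, "forged"))
    return ev


if __name__ == "__main__":
    print("one SYN per forged source :", run(constructed_traffic(retries=0)))
    print("two SYNs per forged source:", run(constructed_traffic(retries=1)))
```

With one SYN per forged source the filter forwards only the legitimate retries but is left holding one table entry per forged flow; with two SYNs, spaced apart, every forged flow reaches the server, which is the objection made in the reply.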