[12936] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Syn flooding attacks

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Oct 20 14:57:22 1997

To: Jim Shankland <jas@flyingfox.com>
cc: paulo@br.global-one.net, phil@charon.milepost.com, nanog@merit.edu
In-reply-to: Your message of "Mon, 20 Oct 1997 11:17:47 PDT."
             <199710201817.LAA28885@biggusdiskus.flyingfox.com> 
Reply-To: perry@piermont.com
Date: Mon, 20 Oct 1997 14:42:16 -0400
From: "Perry E. Metzger" <perry@piermont.com>


Jim Shankland writes:
> > I don't know of any routers that have these or other means of dealing with
> > the SYN attacks.
> 
> We deal with them; see http://www.flyingfox.com/synflood_ann.html.

The easiest/best way to deal with SYN floods is to implement BSDI
style TCP compressed state. NetBSD now has it, too. The solution is
far from perfect, but it goes a long way.

Perry


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[12936] in North American Network Operators' Group

Re: Syn flooding attacks

daemon@ATHENA.MIT.EDU (Perry E. Metzger)Mon Oct 20 14:57:22 1997

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Oct 20 14:57:22 1997