[12945] in North American Network Operators' Group
Re: Syn flooding attacks
daemon@ATHENA.MIT.EDU (Peter Evans)
Mon Oct 20 19:30:12 1997
Date: Tue, 21 Oct 1997 09:18:14 +1000
From: Peter Evans <peter@gol.ad.jp>
To: nanog@merit.edu
In-Reply-To: <199710201709.MAA12981@charon.milepost.com> [%y%02m.%02N]
Phil Howard <phil@charon.milepost.com> wrote:
[about SYN flooding]
|I don't know of any routers that have these or other means of dealing with
|the SYN attacks.
If you search cco for "tcp intercept", you should find
something interesting. This feature was available in
11.2(4)F. ((paraphrased from memory))
Basically the router completed the handshaking then passed
on the completed connection to the inside host.
When under attack, it halves the timeouts (progressively?)
for half-open connections.
I don't know what happened to the F branch. It seems to have
been left behind.
Peter
----*
--
The Lost Patrol. Level 30~36, HP 800, AC -2. The Highway Patrol of
The Random Road, they keep the peace, they eat donuts. -TRR '97
O_u \\ // P-Chan ya \\ Global OnLine Japan
U \Beh! \\ // P-Moji-Yo! \\ Steam Engineering
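
An added example, not part of the original message and not Cisco's code: a small Python model of the behaviour described above, where a device in front of the host holds half-open connections itself, passes on only completed handshakes, and halves the half-open timeout while under attack. The thresholds, the 30-second timeout, the single (not progressive) halving and all addresses are assumptions constructed for illustration.

```python
class HalfOpenTable:
    """Toy model of a handshake-completing proxy; not Cisco's implementation."""

    def __init__(self, high=8, low=4, base_timeout=30.0):
        self.high, self.low = high, low    # assumed attack thresholds
        self.base_timeout = base_timeout   # assumed normal timeout, seconds
        self.aggressive = False            # True while "under attack"
        self.pending = {}                  # (src_ip, src_port) -> time SYN seen
        self.passed = []                   # completed handshakes handed inside
        self.expired = 0

    @property
    def timeout(self):
        # Assumption: halved once under attack (the post is unsure if progressive).
        return self.base_timeout / 2 if self.aggressive else self.base_timeout

    def _update_mode(self):
        # Hysteresis: enter above `high`, leave below `low`.
        if len(self.pending) > self.high:
            self.aggressive = True
        elif len(self.pending) < self.low:
            self.aggressive = False

    def expire(self, now):
        limit = self.timeout
        stale = [k for k, t0 in self.pending.items() if now - t0 >= limit]
        for k in stale:
            del self.pending[k]
        self.expired += len(stale)
        self._update_mode()

    def syn(self, key, now):
        self.expire(now)
        self.pending[key] = now            # proxy answers the SYN; host sees nothing
        self._update_mode()

    def ack(self, key, now):
        self.expire(now)
        if key not in self.pending:
            return False
        del self.pending[key]
        self.passed.append(key)            # only now is the connection passed on
        self._update_mode()
        return True

def demo():
    table = HalfOpenTable()
    for i in range(10):                    # constructed: spoofed SYNs, never ACKed
        table.syn((f"198.51.100.{i}", 40000 + i), now=float(i))
    client = ("192.0.2.7", 51515)          # constructed legitimate client
    table.syn(client, now=10.0)
    completed = table.ack(client, now=10.2)
    under_attack = table.aggressive
    table.expire(now=26.0)                 # halved (15 s) timeout has cleared the flood
    return completed, under_attack, len(table.pending), table.aggressive
```

In this model the flood is gone at t=26 s only because the timeout was halved; with the threshold raised so that attack mode never triggers, the same ten entries are still held at that point.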