[4215] in North American Network Operators' Group
Re: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Craig A. Huegen)
Mon Sep 9 12:31:12 1996
Date: Mon, 9 Sep 1996 09:13:32 -0700 (PDT)
From: "Craig A. Huegen" <c-huegen@quad.quadrunner.com>
To: Avi Freedman <freedman@netaxs.com>
cc: bwatson@genuity.net, nanog@merit.edu
In-Reply-To: <199609091426.KAA01318@netaxs.com>

On Mon, 9 Sep 1996, Avi Freedman wrote:
==>
==>I will make time to start running the route aggregator at routes.netaxs.com
==>again; we've been fighting a random-src-address-SYN-attacker for the last
==>week or two. I may have some comments on THAT for NANOG re: inter-provider
==>cooperation shortly.
==>
==>Avi
==>
A friend of mine gave me a photocopy of a page in the latest 2600
magazine. It was the source code for a SYN flooder on Linux, with a
description of what it does and a notice on how it can really cause
denial-of-service attacks.

I can't remember if it also supplied the source for the source-spoof
kernel patch or not, but it does mention that you should use the
source-spoof patch to hide your identity.

So, what does this say? Look for more 13-year-olds causing
denial-of-service attacks for the hell of it. It seems a lot of the
providers SYN flooders like to attack are the ones which have IRC servers,
but the flooders attack the more traditional services of those providers,
too.
/cah
----
Craig A. Huegen CCIE
Network Analyst, IS-Network/Telecom
cisco Systems, Inc., 250 West Tasman Drive
San Jose, CA 95134, (408) 526-8104
email: chuegen@cisco.com