[4272] in North American Network Operators' Group
Re: Re[4]: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Alec H. Peterson)
Tue Sep 10 17:12:10 1996
From: "Alec H. Peterson" <chuckie@panix.com>
To: pcalhoun@usr.com (Pat Calhoun)
Date: Tue, 10 Sep 1996 17:05:21 -0400 (EDT)
Cc: alexis@panix.com, nanog@merit.edu, perry@piermont.com
In-Reply-To: <234661D0.3000@usr.com> from "Pat Calhoun" at Sep 10, 96 01:21:45 pm
Pat Calhoun writes:
>
> Alexis,
>
> However if you are filtering on your outbound router to the net,
> there is still the possibility that a malicious user could spoof
> addresses as long as they belong to your address space. By moving the
> filter out to the edge (when you have the equipment) this eliminates
> that problem as well.
This is true, but if it is a valid host, the invalid SYNs will do
nothing, because the source host will send a RST and the
almost-connection will be torn down. And if it isn't a valid host, it
will still be _much_ easier to track, because you know in general
where it's coming from.
Alec
--
+------------------------------------+--------------------------------------+
|Alec Peterson - chuckie@panix.com   | Panix Public Access Internet and UNIX|
|Network Administrator/Architect     | New York City, NY                    |
+------------------------------------+--------------------------------------+
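A small model of the two points made in this exchange, added here as an illustration and not part of the original thread: an edge filter that only admits SYNs whose source lies inside the prefix that port serves, and a victim-side SYN backlog in which an entry whose spoofed source is a live host is torn down by that host's RST while an entry for an unused address lingers until the backlog timeout. The prefix, hosts, timestamps and timeout are constructed values.

```python
import ipaddress

# Constructed: the address block the edge port is allowed to originate from.
CUSTOMER_PREFIX = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample of SYNs seen at a victim, all arriving via this edge port.
SYNS = [
    {"t": 0.0, "src": "203.0.113.7", "sport": 40001},  # source outside the prefix
    {"t": 0.1, "src": "192.0.2.10",  "sport": 40002},  # claims a live customer host
    {"t": 0.2, "src": "192.0.2.200", "sport": 40003},  # claims an unused customer address
    {"t": 0.3, "src": "10.0.0.1",    "sport": 40004},  # source outside the prefix
]
# Constructed: customer addresses that actually have a host answering.
LIVE_HOSTS = {"192.0.2.10"}


def edge_filter(packets, prefix=CUSTOMER_PREFIX):
    """Keep only packets whose source address belongs to the edge port's prefix.

    This is the "filter at the edge" from the thread: a forged source can then
    only be one of the customer's own addresses, which narrows where a flood
    can appear to come from."""
    return [p for p in packets if ipaddress.ip_address(p["src"]) in prefix]


def backlog_after(packets, live_hosts, timeout, now):
    """Return the half-open entries still in the victim's SYN backlog at `now`.

    The victim answers every SYN with a SYN-ACK.  If the forged source is a
    live host, that host has no such connection and replies with a RST, so
    the entry is torn down at once.  Otherwise nothing answers and the entry
    stays until `timeout` seconds have elapsed."""
    half_open = {}
    for p in packets:
        if p["src"] in live_hosts:
            continue  # SYN-ACK reached a real host; its RST removed the entry
        half_open[(p["src"], p["sport"])] = p["t"]
    return {key for key, t in half_open.items() if now - t < timeout}


def run(now=5.0, timeout=75.0):
    """Apply the edge filter, then report what the victim's backlog holds."""
    admitted = edge_filter(SYNS)
    return admitted, backlog_after(admitted, LIVE_HOSTS, timeout, now)
```

With the sample above only the two SYNs claiming customer addresses pass the filter, and of those only the one for the unused address occupies the backlog until the timeout expires.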