[4286] in North American Network Operators' Group
Re: SYN floods continue
daemon@ATHENA.MIT.EDU (Jon Zeeff)
Wed Sep 11 09:29:35 1996
From: jon@branch.com (Jon Zeeff)
To: alexis@panix.com (Alexis Rosen)
Date: Wed, 11 Sep 1996 09:27:22 -0400 (EDT)
Cc: nanog@merit.edu
In-Reply-To: <199609110958.FAA16558@panix.com> from "Alexis Rosen" at Sep 11, 96 05:58:02 am
I don't know, but since nobody else seems to either, how about a
router box that detects excessive SYN activity and then automatically
blocks that ip address for awhile? I suppose it just means that
the attacker has to vary the source address rapidly.
> Anyway. Point is this: We can't take too much more of this, nor can our
> customers. I have yet to hear *anyone* come up with any ideas even remotely
> reasonable for how to deal with this situation, long term, except for the
