[4301] in North American Network Operators' Group
Re: SYN floods continue
daemon@ATHENA.MIT.EDU (Larry J. Plato)
Wed Sep 11 14:47:24 1996
From: "Larry J. Plato" <ljp@ans.net>
To: jon@branch.com (Jon Zeeff)
Date: Wed, 11 Sep 1996 18:43:22 +0000 (GMT)
Cc: alexis@panix.com, nanog@merit.edu
In-Reply-To: <m0v0pK7-000NjGC@aero.branch.com> from "Jon Zeeff" at Sep 11, 96 09:27:22 am
If you can write a SYN flooder you can trivialy add the call to
to generate a random source address....
IMHO this is not a win.
Larry Plato
>
>
> I don't know, but since nobody else seems to either, how about a
> router box that detects excessive SYN activity and then automatically
> blocks that ip address for awhile? I suppose it just means that
> the attacker has to vary the source address rapidly.
>
> > Anyway. Point is this: We can't take too much more of this, nor can our
> > customers. I have yet to hear *anyone* come up with any ideas even remotely
> > reasonable for how to deal with this situation, long term, except for the
>