[4423] in North American Network Operators' Group


Re: New Denial of Service Attack on Panix

daemon@ATHENA.MIT.EDU (Michael Dillon)
Mon Sep 16 20:42:45 1996

Date: Mon, 16 Sep 1996 17:31:07 -0700 (PDT)
From: Michael Dillon <michael@memra.com>
To: nanog@merit.edu
cc: iepg@iepg.org
In-Reply-To: <>

On Mon, 16 Sep 1996, Kent W. England wrote:

> I'd like to know what the community thinks can be done to deal with an
> escalation of these attacks should this occur. Are you doing any source
> address verification now? Are you doing anything to help Panix? Could you?

Have a look at the firewalls mailing list archive for more info.

There are at least three things you can do to protect yourself from such
attacks. One is to patch your UNIX/BSD kernel to allow much higher numbers
of incomplete socket connections. One is to have another machine or your
network issue RST's for sockets that it thinks are part of the SYN flood
attack. And one is to install a SYN proxy machine between your net and the
Internet which catches all SYN packets and holds them until an ACK is
received at which point the SYN and the ACK are passed on to your network. 
Such a proxy can be built to handle HUGE numbers of incomplete connections.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com
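
The small incomplete-connection queue and the SYN proxy described in the message above, modelled as an added example (not part of the original post, and not real packet handling). The class names, queue sizes, timeout and addresses are all assumptions made for the illustration.

```python
# Toy model only: no sequence numbers, SYN-ACKs or retransmits; addresses are constructed.
from collections import OrderedDict

class Server:
    """Listener with a small, fixed queue of incomplete connections."""
    def __init__(self, backlog=5):
        self.backlog = backlog
        self.half_open, self.established = set(), set()

    def receive(self, flags, conn, now=None):
        if flags == "SYN":
            if len(self.half_open) >= self.backlog:
                return False                  # queue full: SYN is dropped
            self.half_open.add(conn)
        elif flags == "ACK" and conn in self.half_open:
            self.half_open.remove(conn)
            self.established.add(conn)
        return True

class SynProxy:
    """Holds each SYN until its ACK arrives, then passes both to the server."""
    def __init__(self, server, max_pending=100_000, timeout=30.0):
        self.server, self.max_pending, self.timeout = server, max_pending, timeout
        self.pending = OrderedDict()          # conn -> arrival time, oldest first

    def receive(self, flags, conn, now):
        # Expire held SYNs whose ACK never came (spoofed sources never answer).
        while self.pending and next(iter(self.pending.values())) + self.timeout <= now:
            self.pending.popitem(last=False)
        if flags == "SYN":
            self.pending.pop(conn, None)      # a repeated SYN restarts its timer
            if len(self.pending) >= self.max_pending:
                self.pending.popitem(last=False)   # table full: evict the oldest
            self.pending[conn] = now
        elif flags == "ACK" and self.pending.pop(conn, None) is not None:
            self.server.receive("SYN", conn)  # handshake completed: forward both
            self.server.receive("ACK", conn)

def simulate(use_proxy, flood=1000):
    """Return (client connected?, server half-open count, SYNs held by proxy)."""
    server = Server()
    proxy = SynProxy(server)
    front = proxy if use_proxy else server
    client = ("198.51.100.7", 40000)          # constructed legitimate client
    packets = [("SYN", (f"10.0.{i // 256}.{i % 256}", 1024)) for i in range(flood)]
    packets += [("SYN", client), ("ACK", client)]   # arrives after the flood
    for t, (flags, conn) in enumerate(packets):
        front.receive(flags, conn, now=t * 0.001)
    return client in server.established, len(server.half_open), len(proxy.pending)
```

Without the proxy the server's queue fills and the legitimate client never connects; with it, the unanswered SYNs stay in the proxy's table until they time out and the server only sees completed handshakes.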
