[4498] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Vadim Antonov)
Tue Sep 17 16:21:15 1996
Date: Tue, 17 Sep 1996 13:02:04 -0700
From: Vadim Antonov <avg@quake.net>
To: forrestc@iMach.com, nanog@merit.edu
Cc: iepg@iepg.org

This is an excellent idea! Actually, router vendors may simply
add a feature which shuts down the interface if the SYN/SYN-ACK balance
is too bad -- thus disconnecting the hacker-to-be.

Of course, that balance may be decaying with time, so repeated
unsuccessful attempts to connect won't trigger alarms.

--vadim

Forrest W. Christian <forrestc@iMach.com> wrote:

Maybe I'm missing something here, but wouldn't these Denial of Service
attacks cause a severe mismatch in the numbers of SYNs and SYN-ACKs on a
given router interface?

If so, then couldn't we just sweet-talk Cisco into providing 5 minute
counts of SYNs and SYN-ACKs on an interface?
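
An added example, not part of the original message or of any router vendor's software: a sketch of the check discussed in this thread, folding 5-minute SYN and SYN-ACK counts per interface into a balance that decays over time. The half-life, the threshold, the counting direction (SYNs in, SYN-ACKs out), the interface names and the counter values are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

INTERVAL_S = 300    # 5-minute counter interval, as proposed in the thread
HALF_LIFE_S = 900   # assumption: accumulated imbalance halves every 15 minutes
THRESHOLD = 5000    # assumption: alarm level, in unanswered SYNs
DECAY = 0.5 ** (INTERVAL_S / HALF_LIFE_S)

@dataclass
class InterfaceBalance:
    name: str
    score: float = 0.0

    def update(self, syn_in: int, synack_out: int) -> bool:
        """Fold one interval's counters into the decayed score.

        syn_in: SYNs received on the interface; synack_out: SYN-ACKs sent
        back out of it. Returns True when the score exceeds THRESHOLD.
        """
        unanswered = max(syn_in - synack_out, 0)
        self.score = self.score * DECAY + unanswered
        return self.score > THRESHOLD

def first_alarm(samples):
    """Map each interface to the first interval index that alarms, or None."""
    result = {}
    for name, intervals in samples.items():
        balance = InterfaceBalance(name)
        result[name] = next(
            (i for i, (syn, ack) in enumerate(intervals) if balance.update(syn, ack)),
            None,
        )
    return result

# Constructed counters: (SYNs in, SYN-ACKs out) per 5-minute interval.
SAMPLES = {
    # Steady trickle of failed connects: the decay keeps the score under 250.
    "Serial0": [(1200, 1150)] * 6,
    # Sustained mismatch from the third interval on.
    "Serial1": [(1000, 980), (1100, 1070), (4000, 1000), (4000, 1000), (4000, 1000)],
}

if __name__ == "__main__":
    for name, idx in first_alarm(SAMPLES).items():
        print(name, "no alarm" if idx is None else f"alarm in interval {idx}")
```

With these constructed numbers the interface with a constant small shortfall never alarms, while the one with a sustained mismatch crosses the threshold in its second bad interval.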