To: "Erik E. Fair" (Time Keeper) <fair@clock.org>
cc: "Forrest W. Christian" <forrestc@imach.com>, nanog@merit.edu,
iepg@iepg.org
Reply-To: curtis@ans.net
In-reply-to: Your message of "Tue, 17 Sep 1996 04:30:40 PDT."
<v03007814ae643a8d0173@[198.68.110.3]>
Date: Tue, 17 Sep 1996 20:52:17 -0400
From: Curtis Villamizar <curtis@ans.net>
In message <v03007814ae643a8d0173@[198.68.110.3]>, "Erik E. Fair" writes:
> Your suggestion has two flaws:
>
> 1. missed SYN ACKs due to asymmetric routing.

On the order of 1,000 pps worth?

> 2. missed SYN ACKs due to diode routes.

Again. On the order of 1,000 pps worth?

Remember that a corrected kernel needs on the order of 1,000 pps on
SYNs to have an effect (much more if the timer is dropped from 75
seconds). With the hashed PCBs the host doesn't even slow down all
that much either.

OTOH if the attacked host has a listen queue of 8 or something real
small, it only takes one packet every 8 seconds or so to keep the
queue full with a 75 second timer.

Curtis
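
Added example, not part of the original message: a simplified model of the small-listen-queue case described above, measuring how often legitimate connection attempts find the queue full and how a shorter timer or a larger backlog changes that. The function name, the one-probe-per-second legitimate load, and the 10 second timer and 128-entry backlog are assumptions for illustration; real TCP stacks size and age the queue differently.

```python
from collections import deque

def refused_fraction(backlog, timer_s, syn_interval_s, duration_s=3600):
    """Fraction of legitimate connection attempts that find the queue full.

    Model (an assumption, simpler than any real TCP stack): a SYN whose
    handshake is never completed arrives every syn_interval_s and holds one
    listen-queue slot until timer_s expires; one legitimate client probes
    every second (t = 0.5 s, 1.5 s, ...) and is refused if the queue is full.
    """
    timer_ms = int(timer_s * 1000)
    step_ms = int(syn_interval_s * 1000)
    end_ms = int(duration_s * 1000)
    # kind 0 = never-completed SYN, kind 1 = legitimate probe
    events = [(t, 0) for t in range(0, end_ms, step_ms)]
    events += [(t + 500, 1) for t in range(0, end_ms, 1000)]
    events.sort()

    queue = deque()  # expiry times (ms) of half-open entries, oldest first
    probes = refused = 0
    for now, kind in events:
        while queue and queue[0] <= now:  # drop entries whose timer ran out
            queue.popleft()
        full = len(queue) >= backlog
        if kind == 0:
            if not full:  # a SYN arriving at a full queue is simply dropped
                queue.append(now + timer_ms)
        else:
            probes += 1
            refused += full
    return refused / probes

if __name__ == "__main__":
    # (label, backlog, timer in s, seconds between never-completed SYNs)
    cases = [
        ("queue of 8, 75 s timer (values from the message)", 8, 75, 8),
        ("queue of 8, 10 s timer (constructed value)", 8, 10, 8),
        ("queue of 128, 75 s timer (constructed value)", 128, 75, 8),
    ]
    for label, backlog, timer_s, interval_s in cases:
        frac = refused_fraction(backlog, timer_s, interval_s)
        print(f"{label}: {frac:.1%} of legitimate attempts refused")
```

In this model the queue can only fill when the backlog is smaller than the timer divided by the SYN interval, which is why either shortening the timer or enlarging the queue removes the refusals at this packet rate.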