[4534] in North American Network Operators' Group
Re: router syn/syn-ack/ack alarming...
daemon@ATHENA.MIT.EDU (Jeff Young)
Tue Sep 17 22:07:27 1996
To: Regis Donovan <regisdo@microsoft.com>
cc: "'nanog@merit.edu'" <nanog@merit.edu>
In-reply-to: Your message of "Tue, 17 Sep 1996 13:23:35 PDT."
<c=US%a=_%p=msft%l=RED-89-MSG-960917202335Z-16009@mail2.microsoft.com>
Date: Tue, 17 Sep 1996 21:57:23 -0400
From: "Jeff Young" <young@mci.net>
i think that they're talking about shutting down the source,
not the destination. if you deploy it on your own incoming
interface, well, gun - foot - bang :-)
Jeff Young
young@mci.net
> From: Regis Donovan <regisdo@microsoft.com>
> To: "'nanog@merit.edu'" <nanog@merit.edu>
> Subject: router syn/syn-ack/ack alarming...
> Date: Tue, 17 Sep 1996 13:23:35 -0700
> X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.24
> Encoding: 13 TEXT
> Sender: owner-nanog@merit.edu
> Content-Type: text
> Content-Length: 522
>
> um... maybe i'm missing the clue here, but if the router vendors add
> something that shuts down an interface if the SYN/SYN-ACK/ACK ratio
> becomes too bad make it *easier* for me if i'm doing a denial of service
> attack on a host?
>
> instead of denying service to a given host, all i have to do is drive
> the router into alarm mode so it shuts off the interface and then i get
> to deny service to an entire segment and everything downstream from that
> segment...
>
> here's to better bang for your cracker-kiddie buck...
> --regis
> >
