[4552] in North American Network Operators' Group
Re: SYN floods
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Sep 18 08:07:15 1996
Date: Wed, 18 Sep 1996 07:52:12 -0400
To: "Erik E. Fair" (Time Keeper) <fair@clock.org>
From: Paul Ferguson <pferguso@cisco.com>
Cc: "Kent W. England" <kwe@6SigmaNets.com>, Michael Dillon <michael@memra.com>,
nanog@merit.edu, iepg@iepg.org
At 02:36 PM 9/17/96 -0700, Time Keeper wrote:
>It is also important to remember that the SYN attack is only one in a class
>of one-way denial-of-service attacks. While hardening the servers on the
>net against this kind of attack is important (and is the province of the
>server/OS vendors, not the router or firewall vendors), the most effective
>way to end a denial of service attack is to trace it to its source, and
>terminate it there.
>
And terminate the perpetrator. ,-)
>
>It is time for a Best Common Practice document.
>
> Erik Fair
>
Erik, I volunteer to co-author. Please contact me if you are interseted
in getting this document put together RSN.
- paul
