[4553] in North American Network Operators' Group


Re: router syn/syn-ack/ack alarming...

daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Sep 18 08:08:33 1996

Date: Wed, 18 Sep 1996 07:52:02 -0400
To: Regis Donovan <regisdo@microsoft.com>
From: Paul Ferguson <pferguso@cisco.com>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>

If it were such a clean-and-dry issue, believe me, we 'router vendors'
would be happy to implement this knob; but alas, there are several valid
instances where the SYN/SYN-ACK/ACK conversation ratio is not quite
predictable.

In any event, we are not sitting idly -- more info as it becomes available.

- paul


At 01:23 PM 9/17/96 -0700, Regis Donovan wrote:

>um... maybe i'm missing the clue here, but if the router vendors add
>something that shuts down an interface if the SYN/SYN-ACK/ACK ratio
>becomes too bad make it *easier* for me if i'm doing a denial of service
>attack on a host?  
>
>instead of denying service to a given host, all i have to do is drive
>the router into alarm mode so it shuts off the interface and then i get
>to deny service to an entire segment and everything downstream from that
>segment...
>
>here's to better bang for your cracker-kiddie buck...
>--regis
>

