[4581] in North American Network Operators' Group
Re: router syn/syn-ack/ack alarming...
daemon@ATHENA.MIT.EDU (Vadim Antonov)
Wed Sep 18 17:08:16 1996
Date: Wed, 18 Sep 1996 13:57:52 -0700
From: Vadim Antonov <avg@quake.net>
To: michael@memra.com, nanog@merit.edu
Michael Dillon <michael@memra.com> wrote:
>This ratio detection
>doesn't need to shutdown anything, just syslog the fact so that admins
>have something in their logs like SYN/ACK RATIO 33:1 POSSIBLE HACKER
>ATTACK which will make them sit up and take notice.
Ah, you're an optimist.
Most sysadmins would simply ignore whatever warnings they get as
long as their internal users aren't complaining.
And half of them wouldn't know what SYN/ACK ratio is.
--vadim
