[4972] in North American Network Operators' Group
Re: TCP SYN attacks
daemon@ATHENA.MIT.EDU (Zach)
Thu Oct 3 15:21:47 1996
Date: Thu, 3 Oct 1996 12:20:15 -0700 (PDT)
From: Zach <zab@grumblesmurf.net>
To: Ran Atkinson <rja@cisco.com>
cc: nanog@merit.edu, iepg@iepg.org
In-Reply-To: <199610031837.LAA10778@cornpuffs.cisco.com>
On Thu, 3 Oct 1996, Ran Atkinson wrote:
> >Dima Volodin writes:
> >> Now can I hold my breath waiting for vendors to incorporate this stuff
> >> into their products?
>
> At least BSDI, Sun, SGI, and HP are working on TCP SYN hardening.
> (yes, cisco is also on top of things :-).
>
> I have no data on what might be up at other vendors.
the linux ip folk have released at least one patch (available near
http://www.uk.linux.org/NetNews.html) that holds off the problem for a
bit. it has a larger infant connection queue and drops some off the end
if its under attack. There has also been some talk of doing much more
'sneaky' stuff. i.e. encoding cookies in rsts instead of sending
synacks..
zach
