[4984] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Jeff Weisberg)
Thu Oct 3 17:54:42 1996
From: Jeff Weisberg <jaw@Op.Net>
Date: Thu, 3 Oct 1996 17:48:20 -0400
To: nanog@merit.edu
Cc: iepg@iepg.org
Avi writes:
| > But of course. The problem is that SYN_RCVD is a transient state in the
| > TCP automaton, and it requires some resource allocation. The life
| > might have been a little bit different if servers weren't forced
| > to track this state. Something like a signed ticket accompanying the
| > second SYN and the following ACK.
| >
| > Dima
|
| That's the idea of making the iss a ticket that includes mss info and
| a hash of the other info plus a security ticket.
|
| I had hoped to work on that but it looks like someone else local is almost
| done and claims that ignoring window size and any data with the SYN(s)
| is harmless...
"someone else local" :-) has thrown the initial implementation up on
his ftp server; sun3 & sun4 .o's and a back-port to Net/2 src code
(note though, I have not tested the Net/2 port):
ftp.op.net:/pub/src/syn-prophylactica/
I have been able to withstand a ~600+ syn/sec attack with no
noticeable problems (slightly increased load, but no dropped
connections).
--jeff
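A simplified sketch of the ticket idea discussed in this thread (the server's ISN carrying a time counter, an MSS index and a keyed hash, so no SYN_RCVD state is held until the client's ACK proves the handshake completed), as an added example: it is not the code on ftp.op.net nor Avi's design, and the bit layout, the MSS table, the secret handling and the HMAC-SHA-256 tag are assumptions made here for illustration.

```python
import hashlib
import hmac
import os

# Per-process secret (constructed); a real implementation would rotate it.
SECRET = os.urandom(16)
# Small MSS table so the client's MSS choice fits in 3 bits of the ISN.
MSS_TABLE = (536, 1220, 1460, 4460)


def _tag(src_ip, dst_ip, sport, dport, count, secret):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = f"{src_ip}:{sport}>{dst_ip}:{dport}@{count}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_isn(src_ip, dst_ip, sport, dport, mss, count, secret=SECRET):
    """Build the ticket sent as the server ISN in the SYN/ACK.

    Layout: 5 bits time counter | 3 bits MSS index | 24 bits keyed hash.
    Nothing about this SYN needs to be remembered server-side.
    """
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    tag = _tag(src_ip, dst_ip, sport, dport, count, secret)
    return ((count & 0x1F) << 27) | (idx << 24) | tag


def check_ack(src_ip, dst_ip, sport, dport, ack, now_count, secret=SECRET):
    """Validate the handshake ACK. Returns the MSS to use, or None if the
    acknowledged ISN is not a ticket we would have issued recently."""
    isn = (ack - 1) & 0xFFFFFFFF
    count = isn >> 27
    if (now_count - count) & 0x1F > 1:
        return None  # ticket too old: stale ISNs cannot be replayed
    idx = (isn >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    expected = _tag(src_ip, dst_ip, sport, dport, count, secret)
    if not hmac.compare_digest(
        (isn & 0xFFFFFF).to_bytes(3, "big"), expected.to_bytes(3, "big")
    ):
        return None  # forged or mis-addressed ACK; no state to release
    return MSS_TABLE[idx]
```

Because the window and any SYN data are not encoded, the server recovers only the MSS when the ACK arrives, which is the trade-off the thread describes.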