[4992] in North American Network Operators' Group

Re: DoS, ICMP, proxies, SYNDefender

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Oct 3 19:10:51 1996

To: Tim Bass <bass@linux.silkroad.com>
cc: nanog@merit.edu, iepg@iepg.org
In-reply-to: Your message of "Thu, 03 Oct 1996 17:04:54 EDT."
             <199610032104.RAA00838@linux.silkroad.com> 
Reply-To: perry@piermont.com
Date: Thu, 03 Oct 1996 19:02:41 -0400
From: "Perry E. Metzger" <perry@piermont.com>


Tim Bass writes:
> On the SYNDefender firewall..... if we are interested in
> firewalls, then the 'elegant firewall solution' is, IMO,
> to ensure that our gateways send ICMP UNREACHABLE messages
> back to the host.  Then it is somewhat easy to do the
> kernel checks to free SYN_RECV 'zombies'

It would also make it easier to nuke vital network communications
paths. Thanks, but I'll pass.

Perry
