[4997] in North American Network Operators' Group
RE: BSDI announcement about defense against syn-flooding attacks
daemon@ATHENA.MIT.EDU (William Sommers)
Thu Oct 3 20:26:00 1996
Date: Thu, 3 Oct 96 17:15:56 PDT
From: William Sommers <sommers@sfo.com>
To: nanog@merit.edu, Rob Liebschutz <rob@rjl.com>
On Thu, 3 Oct 96 16:35:13 PDT Rob Liebschutz wrote:
> They've made a big announcement about it, but the code doesn't yet
> appear to be on their ftp site. The announcement does not describe
> what approach they took to solving the problem (presumably something
> more then their existing patch for the larg PCB hash table). See
> http://www.bsdi.com/press/19961002.html for the full announcement.
>
> It scares me to think how much effort has gone into defense against
> this one denial of service attack when there are endless possibilities
> for other ones.
Actually, they released a number of patches all at once, including (quoting
the notice just sent out by polk@bsdi.com):
The remainder of the patches (K210-021, K210-022, and U210-025)
add support for IP source checking, and for reducing and/or
eliminating problems associated with SYN attacks, IP fragment
attacks, and some other denial of service/looped server attacks.
Unfortunately, these are available only for BSD/OS 2.1 -- nothing for prior
releases.
William Sommers
San Francisco Online
Televolve, Inc.
sommers@sfo.com
