[5010] in North American Network Operators' Group
Re: TCP SYN attacks
daemon@ATHENA.MIT.EDU (Dima Volodin)
Fri Oct 4 08:48:31 1996
To: freedman@netaxs.com (Avi Freedman)
Date: Fri, 4 Oct 1996 08:42:50 -0400 (EDT)
Cc: tep@sdsc.edu, dvv@sprint.net, richards@netrex.com, rja@cisco.com,
nanog@merit.edu, iepg@iepg.org
In-Reply-To: <199610040050.UAA17108@access.netaxs.com> from "Avi Freedman" at Oct 3, 96 08:50:51 pm
From: dvv@sprint.net (Dima Volodin)
Now what is 100,000 entries? With the timeout aggressively set at 10
secs (heck, with 10 secs I sometimes cannot even get all the images on
home.netscape.com) it's only 1000 SYNs/sec. How many hosts do you want to
protect with such a firewall?
Dima
Avi Freedman writes:
>
> If someone can hose a firewall with an adaptive SYN timeout and
> a 100,000 or more-entry state storage structure for pending SYNs
> (not that any particular implementation does this that I know of
> or don't know of) then I *WANT* them to attack me.
>
> Something that un-subtle should be easy to track back to the source.
>
> > Tom E. Perrine (tep@SDSC.EDU) | San Diego Supercomputer Center
> > http://www.sdsc.edu/~tep/ | Voice: +1.619.534.5000
> > "Ille Albus Canne Vinco Homines" - You Know Who
>
> Avi
>
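The sizing argument in this exchange (a pending-SYN table of a given capacity, drained by a timeout, can only absorb so many never-completed SYNs per second before it fills) can be checked with a small model. The following is an added example, not code from this thread or from any firewall product: it models a half-open connection table with a fixed timeout, and, as an assumption of this example, an "adaptive" variant that shrinks the timeout linearly as the table fills. The `HalfOpenTable`, `sustainable_rate` and `simulate` names and the 10 s to 1 s adaptive range are assumptions; the traffic is constructed, one unique key per SYN, with no handshake ever completing.

```python
from collections import OrderedDict

US = 1_000_000  # microseconds per second; all times below are integer microseconds


class HalfOpenTable:
    """Model of a firewall's pending-SYN (half-open connection) state table.

    Entries are keyed by a connection identifier and stamped with arrival time.
    On every insert, entries whose age has reached the current timeout are
    expired. With adaptive=True the timeout shrinks linearly from `timeout_s`
    at an empty table to `min_timeout_s` at a full one; that policy is an
    assumption made for this example, not any particular product's behaviour.
    """

    def __init__(self, capacity, timeout_s, min_timeout_s=None, adaptive=False):
        self.capacity = capacity
        self.base_timeout = timeout_s * US
        self.min_timeout = (timeout_s if min_timeout_s is None else min_timeout_s) * US
        self.adaptive = adaptive
        self.entries = OrderedDict()  # oldest first; timestamps never decrease
        self.dropped = 0

    def current_timeout(self):
        if not self.adaptive:
            return self.base_timeout
        # Integer interpolation between base and minimum timeout by occupancy.
        span = self.base_timeout - self.min_timeout
        return self.base_timeout - span * len(self.entries) // self.capacity

    def expire(self, now):
        timeout = self.current_timeout()
        while self.entries:
            key, arrived = next(iter(self.entries.items()))
            if now - arrived < timeout:
                break  # oldest entry is still fresh, so all newer ones are too
            self.entries.popitem(last=False)

    def add_syn(self, key, now):
        """Record a SYN arriving at `now`; return False if the table is full."""
        self.expire(now)
        if key in self.entries:  # retransmitted SYN: refresh, keep ordering
            self.entries.move_to_end(key)
            self.entries[key] = now
            return True
        if len(self.entries) >= self.capacity:
            self.dropped += 1
            return False
        self.entries[key] = now
        return True

    def complete(self, key):
        """Final ACK of the handshake: the entry leaves the pending table."""
        return self.entries.pop(key, None) is not None


def sustainable_rate(capacity, timeout_s):
    """SYNs/sec of never-completed handshakes the table absorbs at steady state."""
    return capacity / timeout_s


def simulate(rate, seconds, capacity, timeout_s, adaptive=False, min_timeout_s=None):
    """Feed `rate` SYNs/sec whose handshakes never complete (constructed
    traffic, one unique key per SYN) for `seconds`; return (peak, dropped)."""
    assert US % rate == 0, "rate must divide 1e6 so arrival times stay integral"
    table = HalfOpenTable(capacity, timeout_s, min_timeout_s, adaptive)
    step = US // rate
    peak = 0
    for i in range(rate * seconds):
        table.add_syn(i, i * step)
        peak = max(peak, len(table.entries))
    return peak, table.dropped


if __name__ == "__main__":
    cap, tmo = 100_000, 10
    print("break-even rate: %.0f SYN/s" % sustainable_rate(cap, tmo))
    for r in (1_000, 10_000, 20_000):
        peak, dropped = simulate(r, 12, cap, tmo)
        print("fixed timeout, %6d SYN/s -> peak %6d, dropped %d" % (r, peak, dropped))
    peak, dropped = simulate(20_000, 12, cap, tmo, adaptive=True, min_timeout_s=1)
    print("adaptive 10s->1s, 20000 SYN/s -> peak %d, dropped %d" % (peak, dropped))
```

With a fixed timeout the table's steady-state occupancy is simply rate times timeout, so capacity divided by timeout is the break-even rate: below it nothing is dropped, at it the table runs exactly full, and above it new SYNs (including legitimate ones) are refused whenever the oldest entries have not yet aged out. The adaptive variant trades the long timeout for headroom under load, which is the behaviour the thread is weighing against the cost of timing out slow but genuine clients.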