[5041] in North American Network Operators' Group
Re: TCP SYN attacks
daemon@ATHENA.MIT.EDU (Avi Freedman)
Fri Oct 4 19:27:47 1996
From: Avi Freedman <freedman@netaxs.com>
To: tedlin@microsoft.com (Ted Linnenkamp)
Date: Fri, 4 Oct 1996 19:24:16 -0400 (EDT)
Cc: freedman@netaxs.com, iepg@iepg.org, nanog@merit.edu
In-Reply-To: <c=US%a=_%p=msft%l=RED-90-MSG-961004225647Z-25098@tide21.microsoft.com> from "Ted Linnenkamp" at Oct 4, 96 03:56:47 pm
> >From: Tim Bass[SMTP:bass@linux.silkroad.com]
> >Sent: Friday, October 04, 1996 7:58 AM
> >To: freedman@netaxs.com
> >Cc: nanog@merit.edu; iepg@iepg.org
> >Subject: Re: TCP SYN attacks
> >
> >>
> >> My preferred approach is to not even have to store state on any
> >> of the embryonic connections. And to implement the fix on all
> >> of my hosts. And customers can implement it in a firewall, if
> >> they choose (and have boxes which can't be fixed: Win95, NT, Macs, ...).
> >>
> >> Avi
>
> Avi,
>
> Did you mean to state that these boxes can't be fixed (hardened against
> SYN attacks) by you?
>
> Ted L.
>
> My statements are my own and not of the Microsoft Corp.
If I had Win95 or NT source I suppose I could harden them w/out
a SYN-handling proxy...
Ditto for MacOS (if that's what it's called).
Avi
