[6707] in bugtraq
Re: improved synflood protection & detection
daemon@ATHENA.MIT.EDU (Oliver Friedrichs)
Fri May 8 14:43:53 1998
Date: Wed, 6 May 1998 15:01:24 -0600
Reply-To: Oliver Friedrichs <oliver@SECURENETWORKS.COM>
From: Oliver Friedrichs <oliver@SECURENETWORKS.COM>
X-To: VaX#n8 <vax@LINKDEAD.PARANOIA.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199805061054.FAA04766@linkdead.paranoia.com>
On Wed, 6 May 1998, VaX#n8 wrote:
> Many if not all of the addresses in the above blocks are unused.
> Affording ingress to TCP packets to which you cannot respond
> seems pointless and a bit temerarious.
> It may be worthwhile to generate list of all address blocks not
> recently routed and construct a filter based on those.
> It may also be useful to log these packets for auditing, so
> you can detect if the status of a block changes.
This really won't work. It may have worked if every single IP address on
every single registered network were in use and reachable 100% of the
time. I can pick any random registered network and find addresses on that
network which aren't currently being used, or with hosts that aren't
reachable (behind a firewall).
- Oliver
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211
