BoS: ANNOUNCE: Livermore Solution for SYN FLOOD

[firstcat () lsli com (firstcat () lsli com)]

Livermore Software Labs. Announces  Defense against SYN Flooding Attacks:
N.O.A.H.  Component Lets Firewall Rise Above SYN Floods


HOUSTON, TX ( October, 1996) Livermore Software Laboratories, International announced its
SYN flood defense for the PORTUS firewall, N.O.A.H..  PORTUS is the first application
firewall to defend against the SYN flood attacks that have denied service to many systems
on the Internet.  The PORTUS monitor automatically detects SYN flood attacks, manages the
partially
completed connection queue, deletes old entries, and alerts the systems administrators.
PORTUS performs queue management, adjusting queue lengths, high and low water marks based
on system status.  PORTUS has always prevented systems behind the firewall from receiving
SYN attacks.  With the new enhancement PORTUS also protects itself from denial of service
attacks.

Unlike other approaches taken by packet filter firewalls, PORTUS' N.O.A.H. never lets a
system
behind the firewall see a SYN flood attack.  As a result, protected servers never see a
invalid SYN and ACK.  Thus the server does not have to respond by spawning a
process to support a connection that will eventually timeout.  This prevents the server
from wasting cpu and memory resources responding to hundreds superfluous
connection requests, which could cause other system problems(such as crashes).

NOAH is a standard component in the PORTUS V2.2 release, and will ship October 5th to
LSLI's existing customers, and enter general distribution the following week. PORTUS is
available through standard distribution channels and LSLI directly. For more information
contact LSLI at 713/ 974-3274.

Livermore Software Labs
http://www.lsli.com