Bugtraq mailing list archives
Re: improved synflood protection & detection
From: oliver () SECURENETWORKS COM (Oliver Friedrichs)
Date: Wed, 6 May 1998 15:01:24 -0600
On Wed, 6 May 1998, VaX#n8 wrote:
Many if not all of the addresses in the above blocks are unused. Affording ingress to TCP packets to which you cannot respond seems pointless and a bit temerarious. It may be worthwhile to generate list of all address blocks not recently routed and construct a filter based on those. It may also be useful to log these packets for auditing, so you can detect if the status of a block changes.
This really won't work. It may have worked if every single IP address on every single registered network were in use and reachable 100% of the time. I can pick any random registered network and find addresses on that network which aren't currently being used, or with hosts that aren't reachable (behind a firewall). - Oliver - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211
Current thread:
- improved synflood protection & detection VaX#n8 (May 06)
- Re: improved synflood protection & detection Oliver Friedrichs (May 06)
- Re: improved synflood protection & detection Gert Doering (May 06)