Bugtraq mailing list archives

Re: improved synflood protection & detection

From: oliver () SECURENETWORKS COM (Oliver Friedrichs)
Date: Wed, 6 May 1998 15:01:24 -0600


On Wed, 6 May 1998, VaX#n8 wrote:

Many if not all of the addresses in the above blocks are unused.
Affording ingress to TCP packets to which you cannot respond
seems pointless and a bit temerarious.
It may be worthwhile to generate list of all address blocks not
recently routed and construct a filter based on those.
It may also be useful to log these packets for auditing, so
you can detect if the status of a block changes.


This really won't work.  It may have worked if every single IP address on
every single registered network were in use and reachable 100% of the
time.  I can pick any random registered network and find addresses on that
network which aren't currently being used, or with hosts that aren't
reachable (behind a firewall).

- Oliver

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211

Current thread:

improved synflood protection & detection VaX#n8 (May 06)
- Re: improved synflood protection & detection Oliver Friedrichs (May 06)
- Re: improved synflood protection & detection Gert Doering (May 06)