nanog mailing list archives
RE: BSDI announcement about defense against syn-flooding attacks
From: William Sommers <sommers () sfo com>
Date: Thu, 3 Oct 96 17:15:56 PDT
On Thu, 3 Oct 96 16:35:13 PDT Rob Liebschutz wrote:
They've made a big announcement about it, but the code doesn't yet appear to be on their ftp site. The announcement does not describe what approach they took to solving the problem (presumably something more then their existing patch for the larg PCB hash table). See http://www.bsdi.com/press/19961002.html for the full announcement. It scares me to think how much effort has gone into defense against this one denial of service attack when there are endless possibilities for other ones.
Actually, they released a number of patches all at once, including (quoting the notice just sent out by polk () bsdi com): The remainder of the patches (K210-021, K210-022, and U210-025) add support for IP source checking, and for reducing and/or eliminating problems associated with SYN attacks, IP fragment attacks, and some other denial of service/looped server attacks. Unfortunately, these are available only for BSD/OS 2.1 -- nothing for prior releases. William Sommers San Francisco Online Televolve, Inc. sommers () sfo com - - - - - - - - - - - - - - - - -
Current thread:
- BSDI announcement about defense against syn-flooding attacks Rob Liebschutz (Oct 03)
- Re: BSDI announcement about defense against syn-flooding attacks Perry E. Metzger (Oct 03)
- Re: BSDI announcement about defense against syn-flooding attacks Alexis Rosen (Oct 03)
- <Possible follow-ups>
- RE: BSDI announcement about defense against syn-flooding attacks William Sommers (Oct 03)
- Re: BSDI announcement about defense against syn-flooding attacks Avi Freedman (Oct 03)
- Re: BSDI announcement about defense against syn-flooding attacks Rob Liebschutz (Oct 04)