nanog mailing list archives
Re: DoS, ICMP, proxies, SYNDefender
From: Tim Bass <bass () linux silkroad com>
Date: Thu, 3 Oct 1996 17:04:54 -0400 (EDT)
Thanks for the RFC quote..... I've been hacking code for hours and just the qoute is a big help. BTW: On the SYNDefender firewall..... if we are interested in firewalls, then the 'elegant firewall solution' is, IMO, to insure that our gateways send ICMP UNREACHABLE messages back to the host. Then it is somewhat easy to do the kernel checks to free SYN_REVC 'zombies' For example it is two hops from here to the provider host that blackholes the SYN/ACK second part of the handshake. If that gateway would send me an UNREACHABLE message, it would be easy to just end RST as in the no-problem reachable state. And, TCP remains an end-to-end protocol, which, I think, we all would think would be 'elegant'..... I feel like a cheerleader 'Give me an U N R E A C H A B L E' wha-at-ya-got ......... Best Regards, Tim - - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Dima Volodin (Oct 02)
- Uh...excuse me...? Carl Payne (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix Tim Bass (Oct 02)
- Re: New Denial of Service Attack on Panix\ Avi Freedman (Oct 02)
- Re: New Denial of Service Attack on Panix\ Tim Bass (Oct 03)
- Re: New Denial of Service Attack on Panix\ Tim Bass (Oct 03)
- Re: New Denial of Service Attack on Panix\ Matt Zimmerman (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Perry E. Metzger (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Perry E. Metzger (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Dima Volodin (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Dima Volodin (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Avi Freedman (Oct 04)