Re[6]: SYN floods (was: does history repeat itself?)

[pcalhoun () usr com (Pat Calhoun)]

     Alec,
     
        I agree but if the NAS has the ability of raising a flag if a 
     malicious user (done with the user of a filter at the edge) tried to 
     create havoc, it would make your life much easier in not only 
     tracking, but possibly taking legal action.
     
     Pat R. Calhoun                                e-mail: pcalhoun () usr com 
     Project Engineer - Lan Access R&D                phone: (847) 933-5181 
     US Robotics Access Corp.

______________________________ Reply Separator _________________________________
Subject: Re: Re[4]: SYN floods (was: does history repeat itself?)
Author:  "Alec H. Peterson" <chuckie () panix com> at Internet
Date:    9/10/96 5:05 PM


Pat Calhoun writes:
>     Alexis,
>     
>        However if you are filtering on your outbound router to the net, 
>     there is still the possbility that a malicious user could spoof 
>     addresses as long as they belong to your address space. By moving the 
>     filter out to the edge (when you have the equipment) this eliminates 
>     that problem as well.
     
This is true, but if it is a valid host, the invalid SYNs will do 
nothing, because the source host will send a RST and the 
almost-connection will be torn down.  And if it isn't a valid host, it 
will still be _much_ easier to track, because you know in general where 
it's coming from.
     
Alec
     
-- 
+------------------------------------+--------------------------------------+ 
|Alec Peterson - chuckie () panix com   | Panix Public Access Internet and UNIX| 
|Network Administrator/Architect     | New York City, NY                    | 
+------------------------------------+--------------------------------------+

Attachment: RFC822 message headers
Description: cc:Mail note part