nanog mailing list archives
Re: SYN floods continue
From: "Larry J. Plato" <ljp () ans net>
Date: Wed, 11 Sep 1996 18:43:22 +0000 (GMT)
If you can write a SYN flooder you can trivialy add the call to to generate a random source address.... IMHO this is not a win. Larry Plato
I don't know, but since nobody else seems to either, how about a router box that detects excessive SYN activity and then automatically blocks that ip address for awhile? I suppose it just means that the attacker has to vary the source address rapidly.Anyway. Point is this: We can't take too much more of this, nor can our customers. I have yet to hear *anyone* come up with any ideas even remotely reasonable for how to deal with this situation, long term, except for the
- - - - - - - - - - - - - - - - -
Current thread:
- SYN floods continue Alexis Rosen (Sep 11)
- Re: SYN floods continue Robert Bowman (Sep 11)
- Re: SYN floods continue Jon Zeeff (Sep 11)
- Re: SYN floods continue Joseph T. Klein (Sep 11)
- Re: SYN floods continue Avi Freedman (Sep 11)
- Re: SYN floods continue alex (Sep 11)
- Re: SYN floods continue Larry J. Plato (Sep 11)
- Re: SYN floods continue Joseph T. Klein (Sep 11)
- Re: SYN floods continue Michael Dillon (Sep 11)
- Re: SYN floods continueg Avi Freedman (Sep 11)
- Re: SYN floods continue Steven L. Johnson (Sep 11)
- Re: SYN floods continueh Avi Freedman (Sep 12)
- <Possible follow-ups>
- Re: SYN floods continue Sean Donelan (Sep 11)
- Re[2]: SYN floods continue Pat Calhoun (Sep 11)
- Re: SYN floods continue Vadim Antonov (Sep 11)
- Re: SYN floods continue Justin W. Newton (Sep 11)
- Re: SYN floods continue Vern Paxson (Sep 11)
- Re: SYN floods continue alex (Sep 11)
(Thread continues...)