nanog mailing list archives
Re: SYN floods continue
From: "Steven L. Johnson" <steve () barstool com>
Date: Thu, 12 Sep 1996 00:05:54 -0400 (EDT)
> Anyway. Point is this: We can't take too much more of this, nor can our customers. I have yet to hear *anyone* come up with any ideas even remotely reasonable for how to deal with this situation, long term, except for the filtering that Avi, Perry, and I have been promoting these last few days.
If hardening all hosts against forged source address SYN attacks is not feasible then perhaps providing a hardened device in front of server farms is. How about something that spoofs the TCP connection setup, uses minimal resources for unconfirmed TCP connections and perhaps more aggressively times out these connections when under attack.

Basically this firewall would not forward a SYN packet to a server from an unknown host until that host had properly ACKd a SYN ACK from the firewall.

The resulting connection would require that the firewall adjust seq/ack numbers before forwarding the packets between the host and server as the pseudo random seq number used in the initial SYN ACK from the firewall to the host will be different from that proposed eventually by the server.

And it makes sequence guessing attacks much harder as well.

An idea?

-Steve
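The handshake gating and seq/ack adjustment described in the message above, as an added example that is not part of the original post: a small model of the front-end device that answers the SYN itself, contacts the server only after a matching ACK, and then shifts sequence numbers by a fixed offset modulo 2^32. The `SynProxy` class, the dict packet format, the sample flow and the choice to reuse the client's ISN toward the server are assumptions of this sketch; timeouts and TCP options are not modelled.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap


class SynProxy:
    """Toy model of the front-end device; packets are plain dicts (constructed format)."""

    def __init__(self, rand32=lambda: secrets.randbits(32)):
        self.rand32 = rand32
        self.pending = {}  # flow -> (client_isn, proxy_isn), the only pre-ACK state
        self.delta = {}    # flow -> (server_isn - proxy_isn) mod 2^32

    def on_client_syn(self, flow, client_isn):
        # Answer on the server's behalf; nothing reaches the server yet.
        proxy_isn = self.rand32()
        self.pending[flow] = (client_isn, proxy_isn)
        return {"flags": "SA", "seq": proxy_isn, "ack": (client_isn + 1) % MOD}

    def on_client_ack(self, flow, seq, ack):
        # Returns the SYN to send to the server, or None if the host is unconfirmed.
        client_isn, proxy_isn = self.pending.get(flow, (None, None))
        if client_isn is None:
            return None
        if seq != (client_isn + 1) % MOD or ack != (proxy_isn + 1) % MOD:
            return None
        # Assumption of this sketch: reuse the client's ISN toward the server,
        # so only the server-side numbering needs translating afterwards.
        return {"flags": "S", "seq": client_isn}

    def on_server_synack(self, flow, server_isn):
        client_isn, proxy_isn = self.pending.pop(flow)
        self.delta[flow] = (server_isn - proxy_isn) % MOD
        return {"flags": "A", "seq": (client_isn + 1) % MOD, "ack": (server_isn + 1) % MOD}

    def to_server(self, flow, pkt):
        # The client acks bytes in the proxy's numbering; shift into the server's.
        return {**pkt, "ack": (pkt["ack"] + self.delta[flow]) % MOD}

    def to_client(self, flow, pkt):
        # The server sends in its own numbering; shift back to what the client expects.
        return {**pkt, "seq": (pkt["seq"] - self.delta[flow]) % MOD}


if __name__ == "__main__":
    fw = SynProxy()
    flow = ("192.0.2.10", 40000, "198.51.100.5", 80)  # constructed sample flow
    synack = fw.on_client_syn(flow, 1000)
    print(fw.on_client_ack(flow, 1001, (synack["seq"] + 1) % MOD))
```

A forged-source SYN never produces the matching ACK, so `on_client_ack` never returns a SYN for it and the server sees no traffic from that flow.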