Bugtraq mailing list archives
Re: BoS: ANNOUNCE: Livermore Solution for SYN FLOOD
From: perry () piermont com (Perry E. Metzger)
Date: Thu, 3 Oct 1996 13:12:23 -0400
firstcat () lsli com writes:
Livermore Software Labs. Announces Defense against SYN Flooding Attacks: N.O.A.H. Component Lets Firewall Rise Above SYN Floods
Its amazing to me how many companies are trying to cash in on the SYN attack problem. I am not sure any of it is worth people's money. Panix is still being attacked, folks, but the attacks don't hurt it any more because the kernels have been hardened. Some tuning in the network stack is most of what people need here. If you want a defense, nag your vendor, who will either provide one for free now or will provide one for free soon. I don't recommend spending money on products that claim to "detect" the attacks. Its damn hard in the general case to detect the things, period. However, a set of decent data structures in your kernel and a good algorithm for dumping old half open connections and you appear to be pretty much set. Incidently, it would be Really Really Good if people followed the recommendation in the CERT advisory and started filtering their outgoing traffic to prevent spoofs from their network. Every little bit counts. Perry
Current thread:
- TCP SYN attack possible SOLUTION: FW-1 Saqib A. Khan (Oct 02)
- Re: TCP SYN attack possible SOLUTION: FW-1 Doctor Who (Oct 02)
- BoS: ANNOUNCE: Livermore Solution for SYN FLOOD firstcat () lsli com (Oct 02)
- Re: BoS: ANNOUNCE: Livermore Solution for SYN FLOOD Perry E. Metzger (Oct 03)
- More HP vulnerabilities? Lionel Cons (Oct 03)