Bugtraq mailing list archives

Re: BoS: ANNOUNCE: Livermore Solution for SYN FLOOD


From: perry () piermont com (Perry E. Metzger)
Date: Thu, 3 Oct 1996 13:12:23 -0400


firstcat () lsli com writes:
Livermore Software Labs. Announces Defense against SYN Flooding Attacks:
N.O.A.H.  Component Lets Firewall Rise Above SYN Floods

It's amazing to me how many companies are trying to cash in on the
SYN attack problem. I am not sure any of it is worth people's money.

Panix is still being attacked, folks, but the attacks don't hurt it
any more because the kernels have been hardened. Some tuning in the
network stack is most of what people need here. If you want a defense,
nag your vendor, who will either provide one for free now or will
provide one for free soon. I don't recommend spending money on
products that claim to "detect" the attacks. It's damn hard in the
general case to detect the things, period. However, a set of decent
data structures in your kernel and a good algorithm for dumping old
half open connections and you appear to be pretty much set.

Incidentally, it would be Really Really Good if people followed the
recommendation in the CERT advisory and started filtering their
outgoing traffic to prevent spoofs from their network. Every little
bit counts.

Perry
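
The message above names a data structure and an algorithm for dumping old half-open connections as the defense. The sketch below is an added example, not code from the post or from any vendor's kernel: a fixed-size hashed table of half-open entries that reuses expired slots and evicts the oldest entry in a probe window when full. The names and the SLOTS, PROBE and TIMEOUT values are assumptions chosen for illustration.

```c
#include <stdint.h>

#define SLOTS   64   /* table size, power of two (assumed value) */
#define PROBE   4    /* slots examined per SYN or ACK (assumed value) */
#define TIMEOUT 10   /* seconds a half-open entry may live (assumed value) */

struct half_open { uint32_t saddr; uint16_t sport, dport; uint32_t born; int used; };
static struct half_open table[SLOTS];

static unsigned slot_hash(uint32_t saddr, uint16_t sport, uint16_t dport)
{
    uint32_t h = (saddr * 2654435761u) ^ (((uint32_t)sport << 16) | dport);
    return (h ^ (h >> 15)) & (SLOTS - 1);
}

/* Record a SYN. Returns 0 if a free or expired slot was used,
 * 1 if the oldest live entry in the probe window had to be evicted. */
int syn_received(uint32_t saddr, uint16_t sport, uint16_t dport, uint32_t now)
{
    unsigned base = slot_hash(saddr, sport, dport), victim = base;
    int evicted = 1;
    for (unsigned i = 0; i < PROBE; i++) {
        unsigned s = (base + i) & (SLOTS - 1);
        if (!table[s].used || now - table[s].born >= TIMEOUT) { victim = s; evicted = 0; break; }
        if (table[s].born < table[victim].born) victim = s;   /* remember the oldest */
    }
    table[victim] = (struct half_open){ saddr, sport, dport, now, 1 };
    return evicted;
}

/* Final ACK of the handshake. Returns 1 and frees the slot if a matching,
 * unexpired half-open entry exists; 0 means the ACK matches nothing. */
int ack_received(uint32_t saddr, uint16_t sport, uint16_t dport, uint32_t now)
{
    unsigned base = slot_hash(saddr, sport, dport);
    for (unsigned i = 0; i < PROBE; i++) {
        struct half_open *e = &table[(base + i) & (SLOTS - 1)];
        if (e->used && e->saddr == saddr && e->sport == sport && e->dport == dport
            && now - e->born < TIMEOUT) { e->used = 0; return 1; }
    }
    return 0;
}

/* Live half-open entries at time `now`; never exceeds SLOTS. */
int half_open_count(uint32_t now)
{
    int n = 0;
    for (unsigned i = 0; i < SLOTS; i++) n += table[i].used && now - table[i].born < TIMEOUT;
    return n;
}
```

Memory and lookup cost stay constant however many SYNs arrive; the cost of the design is that a slow legitimate client can be evicted during a flood and must retransmit its SYN.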


