nanog mailing list archives

Re: TCP SYN attacks


From: dvv () sprint net (Dima Volodin)
Date: Fri, 4 Oct 1996 08:42:50 -0400 (EDT)

Now what is 100,000 entries? With the timeout aggressively set at 10
secs (heck, with 10 secs I sometimes cannot even get all the images on
home.netscape.com) it's only 1000 SYNs/sec. How many hosts do you want to
protect with such a firewall?


Dima

Avi Freedman writes:

If someone can hose a firewall with an adaptive SYN timeout and
a 100,000 or more-entry state storage structure for pending SYNs
(not that any particular implementation does this that I know of 
or don't know of) then I *WANT* them to attack me.

Something that un-subtle should be easy to track back to the source.

Tom E. Perrine (tep () SDSC EDU) | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | Voice: +1.619.534.5000
"Ille Albus Canne Vinco Homines" - You Know Who

Avi

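As an added illustration (not code from the thread or from any firewall the posters mention), here is a small model of a pending-SYN table with a fixed or adaptive timeout. It shows the arithmetic both posts argue over: the table absorbs roughly capacity divided by timeout new SYNs per second, a spoofed flood above that rate forces a fixed-timeout table to refuse legitimate SYNs once it is full, and an adaptive timeout only raises the ceiling to capacity divided by the timeout floor. Table sizes, timeouts and rates are constructed values.

```python
"""Pending-SYN (half-open) state table: an added model of the thread's arithmetic.
Entries leave only on handshake completion or timeout; a spoofed flood never
completes, so the table holds about capacity / timeout SYNs per second.
Times are integer milliseconds so the simulation is exact."""
from collections import deque


def sustainable_syn_rate(capacity, timeout_seconds):
    """Steady-state SYNs per second the table can hold without overflowing."""
    return capacity / timeout_seconds


class SynTable:
    def __init__(self, capacity, base_timeout_ms, min_timeout_ms=None):
        self.capacity = capacity
        self.base_timeout_ms = base_timeout_ms
        # A fixed timeout is the special case min == base.
        self.min_timeout_ms = base_timeout_ms if min_timeout_ms is None else min_timeout_ms
        self.pending = deque()  # (arrival_ms, key), oldest first
        self.dropped = 0

    def timeout_ms(self):
        """Adaptive timeout: shrink linearly as the table fills, never below the floor."""
        fill = len(self.pending) / self.capacity
        return max(self.min_timeout_ms, int(self.base_timeout_ms * (1.0 - fill)))

    def expire(self, now_ms):
        # The timeout is table-wide, so re-evaluate it after every eviction.
        while self.pending and now_ms - self.pending[0][0] >= self.timeout_ms():
            self.pending.popleft()

    def syn(self, now_ms, key):
        """Record a new SYN; return False if the table is full and it was refused."""
        self.expire(now_ms)
        if len(self.pending) >= self.capacity:
            self.dropped += 1
            return False
        self.pending.append((now_ms, key))
        return True


def flood(table, syns_per_sec, seconds):
    """Constructed spoofed flood at a constant rate; returns (accepted, dropped)."""
    interval_ms = 1000 // syns_per_sec  # rates used here divide 1000 evenly
    accepted = 0
    for i in range(syns_per_sec * seconds):
        if table.syn(i * interval_ms, ("spoofed", i)):
            accepted += 1
    return accepted, table.dropped
```

With a 1000-entry table and a fixed 10 s timeout, a 200 SYN/s flood fills the table in 5 s and is then refused in alternating 5 s windows; the same table with a timeout that adapts down to 2 s settles at about two thirds full and refuses nothing at that rate.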
