nanog mailing list archives
Re: DoS, ICMP, proxies, SYNDefender
From: Avi Freedman <freedman () netaxs com>
Date: Fri, 4 Oct 1996 16:17:29 -0400 (EDT)
See Jeff Weisberg's post to nanog yesterday. It can be solved in tcp_input.c, even for tens of thousands of syn packets/second. Just keep no state until the syn/ack comes back (and with a valid hash matching one you would have supplied as an initial seq number). Avi
Dimo laments: > Yep. Life sucks and we all die. Victor Hugo, _The Hunchback of Notre Dame_ and _Les Miserables_ both inspired by the author seeing the word FATALITY graphically painted on a wall in Paris. (I highly recommend _Les Miserables_) Jean Valjean, the man who, for stealing a loaf of bread to feed a starving family, lives out his entire life in misery... ... hence, FATALITY (set in Paris in the early 1800s) Anyway ..... I'll drop off unless someone can provide a technical suggestion on an algorithm that will stop high speed TCP SYN attacks in tcp_input.c (otherwise, I'm not moving toward my aim/target) What is the IPV6 approach to solving this problem? Is there one? Regards, Tim
- - - - - - - - - - - - - - - - -
Current thread:
- Re: DoS, ICMP, proxies, SYNDefender, (continued)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Perry E. Metzger (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Perry E. Metzger (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Dima Volodin (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Dima Volodin (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Avi Freedman (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Avi Freedman (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Avi Freedman (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Avi Freedman (Oct 04)