nanog mailing list archives
Re: TCP SYN attacks - a simple solution
From: Tim Bass <bass () linux silkroad com>
Date: Sun, 6 Oct 1996 21:07:34 -0400 (EDT)
> best solution known so far is Random Drop of waiting connections

.... Random Drop and Oldest drop do not work against high speed attacks. I thought it was agreed by all on this list last week that Jeff's solution to delay data structure initialization until after the handshake is complete was more reliable than Random Drop and is proven by Jeff on BSD to work with high speed attacks.

I'm confused on the "Random Drop is best" statement, Mike? There are very reliable 'others' who seem to have a better and more robust solution. Why the bias toward a solution that does not work but in the slow case?

Best Regards,

Tim
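
The rate dependence argued in the message above can be checked with a small model. This is an added example, not part of the original post or of any code discussed on the list. It assumes a listen queue that the flood keeps full, one eviction per arriving attack SYN, and constructed values for the backlog size, round-trip time and attack rates.

```python
import random

def random_drop_survival(backlog, attack_rate, rtt):
    """Analytic chance that a legitimate half-open entry outlives one RTT.

    Each attack SYN evicts one of `backlog` slots uniformly at random, so the
    entry survives a single eviction with probability 1 - 1/backlog.
    """
    evictions = round(attack_rate * rtt)  # attack SYNs arriving before the client's ACK
    return (1.0 - 1.0 / backlog) ** evictions

def oldest_drop_survival(backlog, attack_rate, rtt):
    """Oldest-first eviction: the entry is lost once `backlog` newer SYNs arrive."""
    return 1.0 if round(attack_rate * rtt) < backlog else 0.0

def simulate_random_drop(backlog, attack_rate, rtt, trials=2000, seed=1):
    """Monte Carlo check of random_drop_survival with a seeded generator."""
    rng = random.Random(seed)
    evictions = round(attack_rate * rtt)
    survived = 0
    for _ in range(trials):
        # Slot 0 holds the legitimate entry; every attack SYN evicts one random slot.
        if all(rng.randrange(backlog) != 0 for _ in range(evictions)):
            survived += 1
    return survived / trials

if __name__ == "__main__":
    BACKLOG, RTT = 128, 0.2  # constructed: 128-entry queue, 200 ms client round trip
    for rate in (100, 1000, 10000):  # constructed attack rates, SYNs per second
        print(
            f"{rate:>6} SYN/s  random drop: {random_drop_survival(BACKLOG, rate, RTT):.4f}"
            f"  (simulated {simulate_random_drop(BACKLOG, rate, RTT):.4f})"
            f"  oldest drop: {oldest_drop_survival(BACKLOG, rate, RTT):.0f}"
        )
```

Under these assumptions both eviction policies keep a legitimate handshake alive at the slow rate and lose it almost every time at the fast one; the model says nothing about the delayed-initialization approach, which the message does not describe in detail.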