nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: dvv () sprint net (Dima Volodin)
Date: Thu, 3 Oct 1996 11:21:37 -0400 (EDT)
Now can I hold my breath waiting for vendors to incorporate this stuff into their products? Has anybody heard anything from Sun on this matter?

Dima

Mike O'Dell writes:
Vern Schriver at SGI has been running experiments and the conclusions are pretty compelling.

Have the listen queue do Random Drop of waiting connections. If the queue size is equal to or greater than the attack rate times the expected round-trip time, the probability of a real session connecting on the first SYN is very close to one. Note this performs much better than "oldest drop" (aka FIFO).

In his tests, a machine sustained a 1200 SYN/second attack with no observable impact in system performance. With a queue size of 383, from a machine 250 msec round-trip, thousands of connections completed with only a handful of initial SYN retransmissions (again, with a 1200 SYN/sec attack).

Best way to make the bogons leave is to make it not fun anymore. This certainly seems to accomplish the goal.

-mo
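
An added example, not part of the original messages and not the SGI implementation or its test setup: a simplified simulation of a full listen queue under the two eviction policies compared above, using the quoted queue size (383) and attack rate (1200 SYN/s). It assumes the queue is always full, each attack SYN evicts exactly one entry, and no entry times out within one round trip; the 400 ms round-trip time is a constructed value.

```python
import random
from collections import deque

def evictions_per_rtt(attack_rate, rtt):
    """Attack SYNs (and so evictions from a full queue) during one round trip."""
    return round(attack_rate * rtt)

def first_syn_success(policy, queue_size, attack_rate, rtt, trials=4000, seed=1):
    """Fraction of legitimate handshakes whose half-open entry is still queued
    when the client's ACK arrives one RTT after its SYN (simplified model)."""
    rng = random.Random(seed)          # seeded so the result is reproducible
    n = evictions_per_rtt(attack_rate, rtt)
    if policy == "oldest":
        # Deterministic: the legitimate SYN is the newest entry in a FIFO queue.
        q = deque(["attack"] * (queue_size - 1) + ["legit"])
        for _ in range(n):
            q.popleft()                # evict the oldest half-open entry
            q.append("attack")
        return 1.0 if "legit" in q else 0.0
    if policy != "random":
        raise ValueError("policy must be 'oldest' or 'random'")
    survived = 0
    for _ in range(trials):
        slot = rng.randrange(queue_size)   # slot taken by the legitimate SYN
        # Each attack SYN evicts one uniformly chosen slot.
        survived += all(rng.randrange(queue_size) != slot for _ in range(n))
    return survived / trials

def random_drop_expected(queue_size, attack_rate, rtt):
    """Closed form for the same model: survive n independent 1/Q evictions."""
    return (1 - 1 / queue_size) ** evictions_per_rtt(attack_rate, rtt)

def success_within(p_first, attempts):
    """Chance of connecting within `attempts` SYNs (initial + retransmissions)."""
    return 1 - (1 - p_first) ** attempts

if __name__ == "__main__":
    Q, RATE = 383, 1200                # values quoted in the message above
    for rtt in (0.05, 0.25, 0.40):     # 0.40 s is a constructed value
        p = first_syn_success("random", Q, RATE, rtt)
        print(f"rtt={rtt:.2f}s oldest={first_syn_success('oldest', Q, RATE, rtt):.2f} "
              f"random={p:.3f} (model {random_drop_expected(Q, RATE, rtt):.3f}) "
              f"within 3 SYNs={success_within(p, 3):.3f}")
```

In this model oldest-drop is all-or-nothing, failing completely once the attack delivers a queue's worth of SYNs within one round trip, while random drop degrades gradually and lets retransmitted SYNs recover.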