nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: Avi Freedman <freedman () netaxs com>
Date: Mon, 16 Sep 1996 20:53:57 -0400 (EDT)
Have a look at the firewalls mailing list archive for more info http://www.greatcircle.com/firewalls/archive/firewalls.9609.Z There are at least three things you can do to protect yourself from such attacks. One is to patch your UNIX/BSD kernel to allow much higher numbers of incomplete socket connections. One is to have another machine or your network issue RST's for sockets that it thinks are part of the SYN flood
I like this.
attack. And one is to install a SYN proxy machine between your net and the Internet which catches all SYN packets and holds them until an ACK is received at which point the SYN and the ACK are passed on to your network.
I like this even more, but the potential for disaster if the box goes down is just too huge...
Such a proxy can be built to handle HUGE numbers of incomplete conections. Michael Dillon - ISP & Internet Consulting
Avi - - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Curtis Villamizar (Sep 17)
- Re: New Denial of Service Attack on Panix Perry E. Metzger (Sep 16)
- Re: New Denial of Service Attack on Panix Michael Dillon (Sep 16)
- Re: New Denial of Service Attack on Panix Rashid Karimov (Sep 17)
- Re: New Denial of Service Attack on Panix Christopher Blizzard (Sep 17)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 16)
- Re: New Denial of Service Attack on Panix Craig A. Huegen (Sep 16)
- Re: New Denial of Service Attack on Panix Perry E. Metzger (Sep 16)
- Re: New Denial of Service Attack on Panix Avi Freedman (Sep 16)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 16)
- Re: New Denial of Service Attack on Panix George Herbert (Sep 16)
- Re: New Denial of Service Attack on Panix Avi Freedman (Sep 16)
- Re: New Denial of Service Attack on Panix Avi Freedman (Sep 16)
- Re: New Denial of Service Attack on Panix Perry E. Metzger (Sep 16)
- Re: New Denial of Service Attack on Panix Craig A. Huegen (Sep 16)
- Re: New Denial of Service Attack on Panix Michael Dillon (Sep 16)
- Re: New Denial of Service Attack on Panix Jon Green (Sep 16)