nanog mailing list archives
Re: router syn/syn-ack/ack alarming...
From: "Alex.Bligh" <amb () xara net>
Date: Tue, 17 Sep 1996 21:48:32 +0100
um... maybe i'm missing the clue here, but if the router vendors add something that shuts down an interface if the SYN/SYN-ACK/ACK ratio becomes too bad make it *easier* for me if i'm doing a denial of service attack on a host?
On "core" (whatever that means) you only need an extra couple of hundred SYNs /sec to be passing through an attack, on many many 000s of SYNs per sec. On customer facing routers, much easier just to block packets with source addresses not on customer LANs. IE where your solution would help, one can already fix the problem w/o a s/w change. Alex Bligh Xara Networks - - - - - - - - - - - - - - - - -
Current thread:
- router syn/syn-ack/ack alarming... Regis Donovan (Sep 17)
- Re: router syn/syn-ack/ack alarming... Alex.Bligh (Sep 17)
- Re: router syn/syn-ack/ack alarming... Mr. Jeremy Hall (Sep 17)
- Re: router syn/syn-ack/ack alarming... Perry E. Metzger (Sep 17)
- Re: router syn/syn-ack/ack alarming... Jeff Young (Sep 17)
- <Possible follow-ups>
- Re: router syn/syn-ack/ack alarming... Vadim Antonov (Sep 17)
- Re: router syn/syn-ack/ack alarming... Paul Ferguson (Sep 18)
- Re: router syn/syn-ack/ack alarming... Guy T Almes (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Guy T Almes (Sep 18)
- Re: router syn/syn-ack/ack alarming... Justin W. Newton (Sep 18)
- Re: router syn/syn-ack/ack alarming... Vern Paxson (Sep 18)
(Thread continues...)