nanog mailing list archives

Re: New Denial of Service Attack on Panix


From: dvv () sprint net (Dima Volodin)
Date: Thu, 3 Oct 1996 11:21:37 -0400 (EDT)

Now can I hold my breath waiting for vendors to incorporate this stuff
into their products? Has anybody heard anything from Sun on this
matter?


Dima

Mike O'Dell writes:

Vern Schryver at SGI has been running experiments and 
the conclusions are pretty compelling.

Have the listen queue do Random Drop of waiting connections.
If the queue size is equal to or greater than the attack rate
times the expected round-trip time, the probability of a
real session connecting on the first SYN is very close to one.

Note this performs much better than "oldest drop" (aka FIFO).

In his tests, a machine sustained a 1200 SYN/second attack
with no observable impact on system performance.  With a 
queue size of 383, from a machine 250 msec round-trip, thousands
of connections completed with only a handful of initial SYN
retransmissions (again, with a 1200 SYN/sec attack).

Best way to make the bogons leave is to make it not fun anymore.

This certainly seems to accomplish the goal.

      -mo
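As an added illustration of the queue-size argument in the quoted message (example code written for this page, not Schryver's or SGI's), the block below models a listen queue that is already full of forged-source entries and compares three eviction policies: tail drop (reject the newcomer), oldest drop (FIFO) and random drop. The model is an assumption of this example: a steady attack rate, one eviction per arrival at a full queue, no SYN-ACK retransmission and no half-open timeout, so its numbers are not the measured figures quoted above; what it shows is the shape of the two curves, with oldest drop failing outright once attack rate times RTT reaches the queue size while random drop keeps a nonzero first-SYN success rate that the client's retransmissions can build on.

```python
import random

POLICIES = ("tail", "oldest", "random")

def first_syn_success(policy, queue_size, attack_rate, rtt):
    """Probability that one legitimate half-open entry survives in a listen
    queue already full of forged-source attack entries until its ACK arrives
    one RTT later.  Simplified model (assumption of this example): attack SYNs
    arrive at a steady attack_rate per second, each arrival at a full queue
    evicts exactly one entry, and SYN-ACK retransmission and half-open
    timeouts are ignored."""
    evictions = int(attack_rate * rtt)      # attack arrivals during one RTT
    if policy == "tail":                     # newcomer rejected: legit SYN never enters
        return 0.0
    if policy == "oldest":                   # FIFO: legit (newest) goes on the queue_size-th arrival
        return 1.0 if evictions < queue_size else 0.0
    if policy == "random":                   # each arrival evicts a uniformly chosen entry
        return (1.0 - 1.0 / queue_size) ** evictions
    raise ValueError(f"unknown policy {policy!r}")

def simulate(policy, queue_size, attack_rate, rtt, trials=2000, seed=7):
    """Monte-Carlo estimate of the same model, evicting one entry per arrival."""
    if policy == "tail":
        return 0.0
    rng = random.Random(seed)
    evictions = int(attack_rate * rtt)
    survived = 0
    for _ in range(trials):
        queue = ["atk"] * queue_size         # sustained attack: the queue starts full
        for entry in ["legit"] + ["atk"] * evictions:
            queue.pop(0 if policy == "oldest" else rng.randrange(queue_size))
            queue.append(entry)
        survived += "legit" in queue
    return survived / trials

def degradation_table(queue_size=383, rtt=0.25, rates=(600, 1200, 1500, 2400)):
    """First-SYN success per policy at several attack rates (constructed
    parameters around the 383-entry / 250 msec case quoted above).  Oldest
    drop is all-or-nothing at attack_rate * rtt == queue_size; random drop
    loses ground earlier but never reaches zero."""
    return {rate: {p: round(first_syn_success(p, queue_size, rate, rtt), 3)
                   for p in POLICIES} for rate in rates}

if __name__ == "__main__":
    for rate, row in degradation_table().items():
        print(f"{rate:5d} SYN/s  " + "  ".join(f"{p}={v:.3f}" for p, v in row.items()))
```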

