nanog mailing list archives

Re: SYN floods (was: does history repeat itself?)


From: Vektor Sigma <ae687 () freenet carleton ca>
Date: Mon, 9 Sep 1996 21:29:34 -0400 (EDT)

On Mon, 9 Sep 1996, Perry E. Metzger wrote:

> I think it's time for the larger providers to start filtering packets
> coming from customers so that they only accept packets with the
> customer's network number on it.
>
> Yes, it's a load on routers. Yes, it's nasty for the mobile IP weenies.
> Unfortunately, the only known way to stop this.

On my private network I can send 600 or more SYN packets to my telnet port 
(w/faked, unreachable source addresses + random seq numbers), yet the 
port doesn't seem to be flooded.

It's a Linux box.

The telnet daemon seems to be able to tell the difference between a faked 
packet and a real one.  Even when spoofing from localhost, it reports a 
connection from unknown.

Obviously, there seems to be a solution to this problem.  ??

--
Billy Biggs
Ottawa, Canada
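
Added example, not part of the original message: a sketch of the per-customer source-address filter proposed in the quoted text, run over constructed packets. The port names, prefix table and sample traffic are assumptions made for illustration; it also shows the mobile IP side effect the quoted text mentions.

```python
import ipaddress
from collections import Counter

# Constructed table: customer-facing port -> prefixes assigned to that customer.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("203.0.113.64/26")],
}

def permit(port, src):
    """True if src lies inside a prefix assigned to the customer on this port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    # Unknown ports have no prefixes, so everything arriving on them is dropped.
    return any(addr in net for net in CUSTOMER_PREFIXES.get(port, []))

def filter_packets(packets):
    """Split (port, src, dst_port) tuples into forwarded packets and drop counts."""
    forwarded, dropped = [], Counter()
    for port, src, dst_port in packets:
        if permit(port, src):
            forwarded.append((port, src, dst_port))
        else:
            dropped[port] += 1
    return forwarded, dropped

# Constructed sample traffic: SYNs to the telnet port (23).
SAMPLE = [
    ("cust-a", "192.0.2.17", 23),      # customer's own address: forwarded
    ("cust-a", "10.9.8.7", 23),        # forged, unreachable source: dropped
    ("cust-a", "198.51.100.5", 23),    # another customer's address: dropped
    ("cust-b", "198.51.100.5", 23),    # customer's own address: forwarded
    ("cust-b", "198.51.100.200", 23),  # just outside the /25: dropped
    ("cust-b", "192.0.2.17", 23),      # cust-a host roaming with its home
                                       # address (mobile IP case): dropped
    ("cust-c", "192.0.2.1", 23),       # port with no prefix entry: dropped
]

if __name__ == "__main__":
    forwarded, dropped = filter_packets(SAMPLE)
    print("forwarded:", forwarded)
    print("dropped per port:", dict(dropped))
```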