nanog mailing list archives

Re: SYN floods continue

From: Avi Freedman <freedman () netaxs com>
Date: Wed, 11 Sep 1996 13:11:03 -0400 (EDT)

I don't know, but since nobody else seems to either, how about a 
router box that detects excessive SYN activity and then automatically 
blocks that ip address for awhile?  I suppose it just means that
the attacker has to vary the source address rapidly.

If they modulate the phasers we just need to modulate the sheilds. :-O

If someone comes up with a good solution we will be glad to impliment it.
-- 
/*Joseph T. Klein         *    Keep Cool, but Don't Freeze
* NAP.NET, LLC            *
* phone  +1 414 747-8747  *                    - Hellman's Mayonnaise
* http://www.nap.net     */


Well, it's a good analogy (modulating the phasers).
But they're *randomizing* the phasers...

Avi
- - - - - - - - - - - - - - - - -

Current thread:

SYN floods continue Alexis Rosen (Sep 11)
- Re: SYN floods continue Robert Bowman (Sep 11)
- Re: SYN floods continue Jon Zeeff (Sep 11)
  - Re: SYN floods continue Joseph T. Klein (Sep 11)
    - Re: SYN floods continue Avi Freedman (Sep 11)
    - Re: SYN floods continue alex (Sep 11)
  - Re: SYN floods continue Larry J. Plato (Sep 11)
- Re: SYN floods continue Michael Dillon (Sep 11)
  - Re: SYN floods continueg Avi Freedman (Sep 11)
- Re: SYN floods continue Steven L. Johnson (Sep 11)
  - Re: SYN floods continueh Avi Freedman (Sep 12)
- <Possible follow-ups>
- Re: SYN floods continue Sean Donelan (Sep 11)
- Re[2]: SYN floods continue Pat Calhoun (Sep 11)
- Re: SYN floods continue Vadim Antonov (Sep 11)
- Re: SYN floods continue Justin W. Newton (Sep 11)

(Thread continues...)