nanog mailing list archives
Re: New Denial of Service Attack on Panix
From: Michael Dillon <michael () memra com>
Date: Mon, 16 Sep 1996 19:32:48 -0700 (PDT)
On Mon, 16 Sep 1996, Craig A. Huegen wrote:
The SYN flood coming towards my host X looks like this, at approximately 2,000 PPS: 182.58.239.2.1526 -> 172.30.15.5.80 TCP SYN 19.23.212.4.10294 -> 172.30.15.5.80 TCP SYN 93.29.233.68.4355 -> 172.30.15.5.80 TCP SYN [... on and on ...] Tell me how to filter this.
The only thing that comes close to the concept of "filtering" is to build a SYN proxy that replies with SYN-ACK and hangs onto SYN packets until the ACK is received from the net before actually letting the packets through to your server. This may require sequence number munging on every packet but that's generally the kind of thing proxies do. Of course, such a proxy does not yet exist except possibly as somebody's home-built box based on some stripped down BSD-ish UNIX kernel with various modifications. But assuming that you can build a box with enough horsepower to handle 100baseTx/FDDI/whatever in and 100baseTx/FDDI/whatever out, then this is in the realm of possibility. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael () memra com - - - - - - - - - - - - - - - - -
Current thread:
- Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Craig A. Huegen (Sep 16)
- Re: New Denial of Service Attack on Panix Jonathan Heiliger (Sep 17)
- Re: New Denial of Service Attack on Panix Forrest W. Christian (Sep 17)
- Re: New Denial of Service Attack on Panix Avi Freedman (Sep 17)
- Re: New Denial of Service Attack on Panix Erik E. Fair (Sep 17)
- Re: New Denial of Service Attack on Panix Curtis Villamizar (Sep 17)
- Re: New Denial of Service Attack on Panix Forrest W. Christian (Sep 17)
- Re: New Denial of Service Attack on Panix Perry E. Metzger (Sep 17)
- Re: New Denial of Service Attack on Panix Curtis Villamizar (Sep 17)
- Re: New Denial of Service Attack on Panix Perry E. Metzger (Sep 16)
- Re: New Denial of Service Attack on Panix Michael Dillon (Sep 16)
- Re: New Denial of Service Attack on Panix Rashid Karimov (Sep 17)
- Re: New Denial of Service Attack on Panix Christopher Blizzard (Sep 17)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 16)
- Re: New Denial of Service Attack on Panix Craig A. Huegen (Sep 16)
- Re: New Denial of Service Attack on Panix Perry E. Metzger (Sep 16)
- Re: New Denial of Service Attack on Panix Avi Freedman (Sep 16)
- Re: New Denial of Service Attack on Panix Tim Bass (Sep 16)
- Re: New Denial of Service Attack on Panix George Herbert (Sep 16)