Re: router syn/syn-ack/ack alarming...

["Jeff Young" <young () mci net>]

i think that they're talking about shutting down the source,
not the destination.  if you deploy it on your own incoming
interface, well, gun - foot - bang :-)

Jeff Young
young () mci net

> From: Regis Donovan <regisdo () microsoft com>
> To: "'nanog () merit edu'" <nanog () merit edu>
> Subject: router syn/syn-ack/ack alarming...
> Date: Tue, 17 Sep 1996 13:23:35 -0700
> X-Mailer:  Microsoft Exchange Server Internet Mail Connector Version 4.0.994.24
> Encoding: 13 TEXT
> Sender: owner-nanog () merit edu
> Content-Type: text
> Content-Length: 522
>
> um... maybe i'm missing the clue here, but if the router vendors add
> something that shuts down an interface if the SYN/SYN-ACK/ACK ratio
> becomes too bad make it *easier* for me if i'm doing a denial of service
> attack on a host?  
>
> instead of denying service to a given host, all i have to do is drive
> the router into alarm mode so it shuts off the interface and then i get
> to deny service to an entire segment and everything downstream from that
> segment...
>
> here's to better bang for your cracker-kiddie buck...
> --regis
> >

- - - - - - - - - - - - - - - - -