Re: New Denial of Service Attack on Panix

[Paul Ferguson <pferguso () cisco com>]

I'm wondering if this is not quite the panacea that it appears. More
thought is certainly required here... asymmetry being a problem that
leaps to mind.

- paul

At 01:02 PM 9/17/96 -0700, Vadim Antonov wrote:

> This is the excellent idea!  Actually, router vendors may simply
> add a feature which shuts down the interface if SYN/SYN-ACK balance
> is too bad -- thus disconnecting the hacker-to-be.
>
> Of course, that balance may be decaying with time, so repeated
> unsuccessful attempts to connect won't trigger alarms.
>
> --vadim
>
> Forrest W. Christian <forrestc () iMach com> wrote:
>
> Maybe I'm missing something here, but wouldn't these Denial of Service 
> attacks cause a severe mismatch in the numbers of SYNs and SYN-ACKs on a 
> given router interface?
>
> If so, then couldn't we just sweet-talk cisco into providing 5 minute 
> counts of syns and syn-acks on an interface?

- - - - - - - - - - - - - - - - -