nanog mailing list archives

Re: ideas for half-open sync flood fixs


From: Brian Murrell <Brian_Murrell () bctel net>
Date: Fri, 20 Sep 1996 10:02:02 -0700 (PDT)

from the quill of peter () telescan com (Peter Cole) on scroll
<199609201650.MAA10156 () merit edu>
fix 1.  Doesn't the network respond with an ICMP message to the attacked
host telling it that the nonexistent host is unreachable?  The attacked
host could close a half-open socket if it received an ICMP message with
the corresponding host address and socket port data.

Ideally.  A lot of firewalls silently drop packets which don't get past the
security policy to make port scanning take much longer than it would if
ICMPs were sent back.  No resets, no ICMP unreachable.

b.


--
Brian J. Murrell                                        Brian_Murrell () bctel net
BCTel Advanced Communications                                   brian () ilinx com
Vancouver, B.C.                                                brian () wimsey com
604 454 5279
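
The exchange above, as an added sketch that is not part of the original message: a toy backlog of half-open connections in which an ICMP unreachable matching the quoted address and ports frees the slot, while a SYN-ACK that a firewall drops silently leaves the slot occupied until the timer fires. The class and method names, the addresses and the 75-second timeout are assumptions for illustration, not taken from any real TCP stack.

```python
# Added illustration. SynBacklog and its methods are hypothetical names,
# and the 75-second half-open lifetime is an assumed value.

class SynBacklog:
    """Toy table of half-open connections (SYN seen, final ACK not yet seen)."""

    def __init__(self, timeout=75.0):
        self.timeout = timeout   # assumed lifetime of a half-open entry, seconds
        self.pending = {}        # (client_ip, client_port, listen_port) -> arrival time

    def on_syn(self, client_ip, client_port, listen_port, now):
        # The host answers with a SYN-ACK and remembers the embryonic connection.
        self.pending[(client_ip, client_port, listen_port)] = now

    def on_icmp_unreachable(self, quoted_dst_ip, quoted_dst_port, quoted_src_port):
        # An ICMP unreachable quotes the header of OUR SYN-ACK: its destination
        # is the claimed client, its source port is our listening port.
        key = (quoted_dst_ip, quoted_dst_port, quoted_src_port)
        return self.pending.pop(key, None) is not None

    def expire(self, now):
        # Fallback when nothing comes back: reap entries older than the timeout.
        stale = [k for k, t in self.pending.items() if now - t >= self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)


def simulate():
    backlog = SynBacklog(timeout=75.0)
    # Constructed sample: two SYNs with nonexistent sources (documentation ranges).
    backlog.on_syn("192.0.2.10", 40001, 80, now=0.0)    # network returns ICMP unreachable
    backlog.on_syn("198.51.100.7", 40002, 80, now=0.0)  # firewall drops the SYN-ACK silently

    freed_by_icmp = backlog.on_icmp_unreachable("192.0.2.10", 40001, 80)
    left_after_icmp = len(backlog.pending)   # the silently dropped one remains
    freed_early = backlog.expire(now=10.0)   # too soon, nothing reaped
    freed_late = backlog.expire(now=75.0)    # only the timer frees it
    return freed_by_icmp, left_after_icmp, freed_early, freed_late


if __name__ == "__main__":
    print(simulate())
```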