nanog mailing list archives
Re: New Denial of Service Attack ...
From: Christopher Blizzard <blizzard () odin nyser net>
Date: Wed, 25 Sep 1996 09:25:37 -0400
In message <199609250552.AA19213 () zen isi edu>, postel () ISI EDU writes:
:----- Begin Included Message -----
:
:Subject: Re: FW: Latest attacks....
:Date: Thu, 19 Sep 1996 08:39:02 +0100
:From: Jon Crowcroft <J.Crowcroft () cs ucl ac uk>
:
:
:Date: Wed, 18 Sep 1996 14:32:14 -0600
:From: vjs () mica denver sgi com (Vernon Schryver)
:Subject: SYN bombing defense
:
:As reported here, in article <vxjiv9hkmcb.fsf_-_ () dominator eecs harvard edu>
:in comp.protocols.tcp-ip, Robert Morris <rtm () dominator eecs harvard edu> wrote:
:
:>Perhaps TCP's listen queue should use random early drop (RED), a
:>technique used by routers to prevent any one source from monopolizing
:>a queue. See http://www-nrg.ee.lbl.gov/floyd/abstracts.html#FJ93 or
:>rfc1254.
:> ...
:
:I've just hacked IRIX 6.3 to do random-drop when sonewconn() in
:tcp_input.c fails. It works great! An IP22 receiving 1200 bogus
:SYN's per second directed to port 23 continues to answer requests
:for new telnet as if nothing is happening.
:

Alan Cox just released a patch vs Linux 2.0.21 that does this. It works
quite well. As best I can tell from the patch and the mail that preceded
it it attempts to maintain about 30% free in the receive queue. I've been
running it for a couple of days and it does quite well defending against
these attacks.

I've stuck it on my web page.

http://odin.nyser.net/~blizzard/linux/

--Chris

:
:Vernon Schryver, vjs () sgi com
:
:------- End of Forwarded Message
:
:----- End Included Message -----

-------------------------------------------------------------------
Christopher Blizzard     | "The truth knocks on the door and you say
blizzard () nysernet org | 'Go away. I'm looking for the truth,' and
NYSERNet, Inc.           | so it goes away." --Robert Pirsig
-------------------------------------------------------------------
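The random-drop idea discussed in this message, as an added in-memory simulation that is not part of the original post and is neither Alan Cox's Linux patch nor the IRIX change: it compares a listen queue that refuses new SYNs when full with one that evicts a random half-open entry instead. The 1200 bogus SYNs per second come from the quoted message; the backlog size, round-trip time, timeout and legitimate client rate are assumed values, and all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define BACKLOG 128    /* half-open slots on the listener (assumed) */
#define RTT_MS  20     /* a real client ACKs after this long (assumed) */
#define TIMEOUT 75000  /* lifetime of an unanswered entry, ms (assumed) */
#define SIM_MS  10000  /* simulate 10 seconds in 1 ms ticks */

enum policy { TAIL_DROP, RANDOM_DROP };
struct slot { int used, legit; long done; };  /* done: tick the entry leaves */

static uint32_t rng_state;
static uint32_t rnd(void) {  /* small LCG so every run is repeatable */
    return (rng_state = rng_state * 1664525u + 1013904223u) >> 16;
}

/* Queue one SYN; returns 0 if the SYN itself had to be dropped. */
static int enqueue(struct slot *q, enum policy p, int legit, long now) {
    int i, victim = -1;
    for (i = 0; i < BACKLOG; i++)
        if (!q[i].used) { victim = i; break; }
    if (victim < 0) {
        if (p == TAIL_DROP) return 0;     /* full: the newest SYN loses */
        victim = (int)(rnd() % BACKLOG);  /* full: a random old entry loses */
    }
    q[victim] = (struct slot){1, legit, now + (legit ? RTT_MS : TIMEOUT)};
    return 1;
}

/* Returns how many of the 100 legitimate connects finish the handshake. */
int simulate(enum policy p) {
    struct slot q[BACKLOG] = {{0}};
    long t;
    int i, completed = 0;
    rng_state = 1996;
    for (t = 0; t < SIM_MS; t++) {
        for (i = 0; i < BACKLOG; i++)  /* retire completed or expired entries */
            if (q[i].used && q[i].done <= t) { completed += q[i].legit; q[i].used = 0; }
        enqueue(q, p, 0, t);                    /* 1000 bogus SYNs/s ... */
        if (t % 5 == 0) enqueue(q, p, 0, t);    /* ... plus 200/s = 1200/s */
        if (t % 100 == 0) enqueue(q, p, 1, t);  /* 10 real clients/s (assumed) */
    }
    return completed;
}

int main(void) {
    printf("tail drop: %d/100, random drop: %d/100 handshakes completed\n",
           simulate(TAIL_DROP), simulate(RANDOM_DROP));
    return 0;
}
```

A real client whose entry is evicted would retransmit its SYN and get another chance, which this model leaves out, so the random-drop figure here understates what a client would see.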