Date:      Thu, 13 May 1999 19:41:12 -0700 (PDT)
From:      Thamer Al-Herbish <shadows@whitefang.com>
To:        security@FreeBSD.ORG
Subject:   Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD
Message-ID:  <Pine.BSF.4.05.9905131938000.267-100000@rage.whitefang.com>
In-Reply-To: <4.2.0.37.19990513202450.0444fca0@localhost>

On Thu, 13 May 1999, Brett Glass wrote:

> How often are the IP addresses spoofed during SYN floods? (I know
> it's perfectly practical to do so, since the flooder doesn't
> care about responses, but routers may preclude it.)

Completely arbitrary. I could literally send out thousands as long
as I know they are unreachable. I could use, say, 10 different
addresses and make a zillion packets. Bandwidth and my imagination
are the only barriers.

> It could be that discarding SYNS from addresses that send excessive 
> numbers of them would let the legitimate folk keep working.

Yes, but it will be worthless against SYN flooders. Keep in mind
that you want an unreachable address: the returned SYN-ACK is
irrelevant.

--
Thamer Al-Herbish                     PGP public key:
shadows@whitefang.com                 http://www.whitefang.com/pgpkey.txt
[ The Secure UNIX Programming FAQ     http://www.whitefang.com/sup/  ]
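
The trade-off discussed in this exchange, as an added example that is not part of the original message: a simulation of a per-source SYN limiter in front of a fixed listen backlog, replayed over constructed traffic. The function names, the 128-entry backlog, the limit of 5 half-open entries per source and the 75-second timeout are assumptions chosen for illustration.

```python
from collections import Counter, deque

def simulate(syns, backlog=128, per_src_limit=5, timeout_ms=75_000):
    """Replay SYNs against a listen queue guarded by a per-source limiter.

    syns: (time_ms, src, answers) tuples sorted by time. answers=True means
    the source completes the handshake, modelled as freeing its slot at once.
    backlog, per_src_limit and timeout_ms are assumed values for illustration.
    """
    half_open = deque()   # (expiry_ms, src) for SYNs whose SYN-ACK went unanswered
    per_src = Counter()   # half-open slots currently held by each source
    out = Counter()
    for t, src, answers in syns:
        while half_open and half_open[0][0] <= t:   # expire stale entries
            per_src[half_open.popleft()[1]] -= 1
        kind = "legit" if answers else "flood"
        if per_src[src] >= per_src_limit:
            out[kind + "_dropped_by_limiter"] += 1
        elif len(half_open) >= backlog:
            out[kind + "_dropped_backlog_full"] += 1
        elif answers:
            out["legit_served"] += 1
        else:
            half_open.append((t + timeout_ms, src))
            per_src[src] += 1
            out["flood_queued"] += 1
    return out

def traffic(n_sources, n_flood=2000, n_legit=50):
    """Constructed sample: one flood SYN every 5 ms cycling through n_sources
    unreachable source labels, plus one legitimate client every 200 ms."""
    pkts = [(i * 5, f"spoof-{i % n_sources}", False) for i in range(n_flood)]
    pkts += [(i * 200 + 101, f"client-{i}", True) for i in range(n_legit)]
    return sorted(pkts)

few = simulate(traffic(n_sources=10))      # flood reuses 10 source addresses
many = simulate(traffic(n_sources=2000))   # every flood SYN has a new source

if __name__ == "__main__":
    for name, result in (("10 sources", few), ("2000 sources", many)):
        print(name, dict(result))
```

In this model the limiter discards most of the flood when ten addresses are reused and all legitimate clients are served. When every SYN carries a new source it discards nothing, the backlog fills, and most legitimate clients are turned away.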
