Date:      Tue, 10 Sep 1996 15:31:50 -0400 (EDT)
From:      Dev Chanchani <dev@trifecta.com>
To:        Brian Tao <taob@io.org>
Cc:        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>, BUGTRAQ@NETSPACE.ORG
Subject:   Re: Panix Attack: synflooding and source routing?
Message-ID:  <Pine.BSF.3.91.960910152936.13456A-100000@www.trifecta.com>
In-Reply-To: <Pine.NEB.3.92.960907114113.240B-100000@zap.io.org>

On Sat, 7 Sep 1996, Brian Tao wrote:

>     Wouldn't turning off source-routing on your border router
> alleviate most of this problem?  It won't help if you have someone
> synflooding a port from within your network, but at least it would
> prevent outside attacks.  Or is this a "one-way" attack (i.e., a
> return route to host is not needed)?

syn-flooding denial of service attacks are one-way attacks. basically,
the attacker will spoof tcp/syn packets to a particular port on your
machine. typical *nix systems will have a buffer for 4-8 un-acked syn's.
this means if they begin to flood your system with syn's without
establishing the connection, your system will hang in a semi-open socket
state, denying other connection open requests. because the
attacks are spoofed, you cannot deny packets from a particular host.
anyone have any ideas for writing a particular monitor or patch dealing
with this attack?
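
Added example, not part of the original e-mail: a sketch of the kind of monitor the message asks about, counting half-open (SYN_RCVD) sockets per local port in `netstat -an` output and flagging ports that are close to filling the listen queue. The function names, the 75% alert fraction and the sample netstat text are assumptions constructed for illustration; the default backlog of 8 is the upper figure quoted in the message.

```python
import re
from collections import defaultdict

# Constructed sample in BSD `netstat -an` layout (documentation addresses only).
SAMPLE = """\
Proto Recv-Q Send-Q  Local Address      Foreign Address       (state)
tcp        0      0  192.0.2.10.80      198.51.100.7.1042     SYN_RCVD
tcp        0      0  192.0.2.10.80      203.0.113.19.2301     SYN_RCVD
tcp        0      0  192.0.2.10.80      198.51.100.44.1187    SYN_RCVD
tcp        0      0  192.0.2.10.80      203.0.113.201.4410    SYN_RCVD
tcp        0      0  192.0.2.10.80      198.51.100.93.1655    SYN_RCVD
tcp        0      0  192.0.2.10.80      203.0.113.77.3090     SYN_RCVD
tcp        0      0  192.0.2.10.80      198.51.100.150.2718   SYN_RCVD
tcp        0      0  192.0.2.10.25      203.0.113.5.1031      SYN_RCVD
tcp        0      0  192.0.2.10.22      192.0.2.50.1022       ESTABLISHED
tcp        0      0  *.80               *.*                   LISTEN
"""

HALF_OPEN = {"SYN_RCVD", "SYN_RECV"}        # BSD and Linux names for the state
ENDPOINT = re.compile(r"^(.+)[.:](\d+)$")   # 'addr.port' (BSD) or 'addr:port'

def half_open_by_port(netstat_text):
    """Return {local_port: (half_open_count, distinct_claimed_sources)}."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] not in HALF_OPEN:
            continue
        local, remote = ENDPOINT.match(f[3]), ENDPOINT.match(f[4])
        if not local or not remote:
            continue                         # wildcard or unparsable endpoint
        port = int(local.group(2))
        counts[port] += 1
        sources[port].add(remote.group(1))   # spoofed floods show many sources
    return {p: (counts[p], len(sources[p])) for p in counts}

def alerts(netstat_text, backlog=8, fraction=0.75):
    """Ports whose half-open count has reached fraction * backlog."""
    limit = backlog * fraction
    stats = half_open_by_port(netstat_text)
    return sorted(p for p, (n, _) in stats.items() if n >= limit)

if __name__ == "__main__":
    for port in alerts(SAMPLE):
        n, srcs = half_open_by_port(SAMPLE)[port]
        print(f"port {port}: {n} half-open sockets from {srcs} claimed sources")
```

Because the source addresses are spoofed, the per-port count is the useful signal; the source list only shows how widely the claimed addresses are spread.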




