Date:      Sat, 7 Sep 1996 19:28:34 +0200 (MET DST)
From:      Mikael Karpberg <karpen@ocean.campus.luth.se>
To:        freebsd-security@freebsd.org
Subject:   Re: Panix Attack: synflooding and source routing?
Message-ID:  <199609071728.TAA00407@ocean.campus.luth.se>
In-Reply-To: <Pine.NEB.3.92.960907114113.240B-100000@zap.io.org> from Brian Tao at "Sep 7, 96 11:44:18 am"


According to Brian Tao:
>     Wouldn't turning off source-routing on your border router
> alleviate most of this problem?  It won't help if you have someone
> synflooding a port from within your network, but at least it would
> prevent outside attacks.  Or is this a "one-way" attack (i.e., a
> return route to host is not needed)?
[Long message saying Panix was SYNflood attacked]

Now, I'm far from an expert in this matter, but as far as I know a SYN-flood
attack is a one-way attack. You simply send a TCP packet saying you'd like to
start a connection with a machine and port, and that machine answers with
an appropriate packet. That packet is simply "thrown in the void" since the
source address of the first packet was faked. Just sending all those SYN
packets, however, will be enough to do serious damage, since the server will
get busy and/or crash from the flooding. And you have to let SYN packets in
or no one can connect at all, which in this case would mean no mail, at least.
And that's a Bad Thing(tm). Very effective denial of service attack.
You have to trace the source of the packets, through the routers on its way
there. But in this case, this included Sprint's routers. And well...
Sprint seems to be generally braindamaged in a lot of situations.
This time it was saying "shove it" when someone they provided with net
needed help. Not much Panix can do, I guess. Sad.

  /Mikael
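
Added example, not part of the original message or of FreeBSD: a defender-side check for the condition described above, counting connections stuck half-open (`SYN_RCVD`) per listening port and how many distinct source addresses they claim. The netstat lines are constructed in the BSD `netstat -an -p tcp` layout with documentation addresses, and the threshold of 3 is an arbitrary assumption for the sample.

```python
from collections import defaultdict

# Constructed sample in the BSD `netstat -an -p tcp` layout (address.port);
# all addresses are documentation ranges, not captured data.
SAMPLE = """\
tcp4       0      0 192.0.2.10.25      198.51.100.7.4021    ESTABLISHED
tcp4       0      0 192.0.2.10.25      203.0.113.5.1025     SYN_RCVD
tcp4       0      0 192.0.2.10.25      203.0.113.77.1026    SYN_RCVD
tcp4       0      0 192.0.2.10.25      198.51.100.201.1027  SYN_RCVD
tcp4       0      0 192.0.2.10.25      203.0.113.140.1028   SYN_RCVD
tcp4       0      0 192.0.2.10.80      198.51.100.9.3300    SYN_RCVD
tcp4       0      0 192.0.2.10.80      198.51.100.9.3301    ESTABLISHED
tcp4       0      0 *.25               *.*                  LISTEN
"""

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' (or '*.port') into (address, port)."""
    addr, _, port = endpoint.rpartition(".")
    return addr, port

def half_open_by_port(netstat_text):
    """Map local port -> list of remote addresses stuck in SYN_RCVD."""
    pending = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header or non-TCP line
        if fields[5] != "SYN_RCVD":
            continue  # handshake completed, or a listening socket
        _, lport = split_endpoint(fields[3])
        raddr, _ = split_endpoint(fields[4])
        pending[lport].append(raddr)
    return dict(pending)

def flag_floods(netstat_text, threshold=3):
    """Return {port: (half_open_count, distinct_sources)} above threshold."""
    report = {}
    for port, sources in half_open_by_port(netstat_text).items():
        if len(sources) > threshold:
            report[port] = (len(sources), len(set(sources)))
    return report

if __name__ == "__main__":
    for port, (count, distinct) in flag_floods(SAMPLE).items():
        print(f"port {port}: {count} half-open from {distinct} distinct sources")
```

When the distinct-source count is close to the half-open count, as on port 25 in the sample, the claimed addresses are a poor basis for filtering, which matches the message's point that the source addresses are faked.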



