Date: Fri, 13 Sep 1996 17:33:28 GMT
From: Peter Childs <pjchilds@imforei.apana.org.au>
To: michael@memra.com, freebsd-hackers@freebsd.org
Subject: Re: SYN floods - possible solution? (fwd)
Message-ID: <199609131733.RAA02244@al.imforei.apana.org.au>

In article <Pine.BSI.3.93.960912233311.11005G-100000@sidhe.memra.com> you wrote:
: Now here is something that could be used by sites to protect against SYN
: flood attacks assuming that they can build a special custom box with
: enough RAM to buffer the sockets for 30 seconds or more. How high a rate

I don't think it's going to work too well. Say you're getting flooded with a stack of IP spoofed SYN connections... and your "super-spoof-protection-box" grabs 'em and sends off ICMP pings to the origin addresses.... and then those addresses all reply. Nothing stops the attackers using IPs that _are_ valid, and then the pings will succeed...

One way of helping to insulate against denial of service attacks like these is to have your "inside" network with hosts for pop, telnet, etc, and then have a different machine servicing requests from the _big_bad_internet_ ... so if it gets trashed... well.. life goes on. Doing this with creative DNS and some well placed firewalls could be an idea.

Peter

--
Peter Childs --- http://www.imforei.apana.org.au/~pjchilds
Finger pjchilds@al.imforei.apana.org.au for public PGP key
Drag me, drop me, treat me like an object!