Date:      Fri, 13 Sep 1996 17:33:28 GMT
From:      Peter Childs <pjchilds@imforei.apana.org.au>
To:        michael@memra.com, freebsd-hackers@freebsd.org
Subject:   Re: SYN floods - possible solution? (fwd)
Message-ID:  <199609131733.RAA02244@al.imforei.apana.org.au>

In article <Pine.BSI.3.93.960912233311.11005G-100000@sidhe.memra.com> you wrote:

: Now here is something that could be used by sites to protect against SYN
: flood attacks assuming that they can build a special custom box with
: enough RAM to buffer the sockets for 30 seconds or more. How high a rate

 I don't think it's going to work too well.   Say you're getting flooded
 with a stack of IP spoofed SYN connections... and your 
 "super-spoof-protection-box" grabs 'em and sends off ICMP pings to
 the origin addresses....  and then those addresses all reply.

 Nothing stops the attackers using IPs that _are_ valid, and then
 the pings will succeed...

 One way of helping to insulate against denial of service attacks like
 these is to have your "inside" network with hosts for pop, telnet,
 etc, and then have a different machine servicing requests from
 the _big_bad_internet_ ... so if it gets trashed... well.. life
 goes on.    Doing this with creative DNS and some well placed
 firewalls could be an idea.

 Peter

--
 Peter Childs  ---  http://www.imforei.apana.org.au/~pjchilds
  Finger pjchilds@al.imforei.apana.org.au for public PGP key
         Drag me, drop me, treat me like an object!


