Date: Fri, 13 Sep 1996 22:39:14 +1000 (EST) From: Julian Assange <proff@suburbia.net> To: pjchilds@imforei.apana.org.au (Peter Childs) Cc: michael@memra.com, freebsd-hackers@freebsd.org Subject: Re: SYN floods - possible solution? (fwd) Message-ID: <199609131239.WAA21836@suburbia.net> In-Reply-To: <199609131733.RAA02244@al.imforei.apana.org.au> from "Peter Childs" at Sep 13, 96 05:33:28 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> In article <Pine.BSI.3.93.960912233311.11005G-100000@sidhe.memra.com> you wrote: > > : Now here is something that could be used by sites to protect against SYN > : flood attacke assuming that they can build a special custom box with > : enough RAM to buffer the sockets for 30 seconds or more. How high a rate > > I don't think its going to work too well. Say your getting flooded > with a stack of IP spoofed SYN connections... and your > "super-spoof-protection-box" grabs 'em and sends off ICMP pings to > the origin addresses.... and then those addresses all reply. > > Nothing stops the attackers using IP's that _are_ valid, and then > the pings will succeed... If the IP's are valid then the SYN|ACK's will be RST'd immediately. Although, you could choose valid addresses behind a filtering firewall that allows ICMP ECHO's through, but not SYN|ACK's ;) -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609131239.WAA21836>