Date:      Fri, 13 Sep 1996 22:39:14 +1000 (EST)
From:      Julian Assange <proff@suburbia.net>
To:        pjchilds@imforei.apana.org.au (Peter Childs)
Cc:        michael@memra.com, freebsd-hackers@freebsd.org
Subject:   Re: SYN floods - possible solution? (fwd)
Message-ID:  <199609131239.WAA21836@suburbia.net>
In-Reply-To: <199609131733.RAA02244@al.imforei.apana.org.au> from "Peter Childs" at Sep 13, 96 05:33:28 pm

> In article <Pine.BSI.3.93.960912233311.11005G-100000@sidhe.memra.com> you wrote:
> 
> : Now here is something that could be used by sites to protect against SYN
> : flood attacks assuming that they can build a special custom box with
> : enough RAM to buffer the sockets for 30 seconds or more. How high a rate
> 
>  I don't think it's going to work too well.   Say you're getting flooded
>  with a stack of IP spoofed SYN connections... and your 
>  "super-spoof-protection-box" grabs 'em and sends off ICMP pings to
>  the origin addresses....  and then those addresses all reply.
> 
>  Nothing stops the attackers using IP's that _are_ valid, and then
>  the pings will succeed...

If the IP's are valid then the SYN|ACK's will be RST'd immediately. 
Although, you could choose valid addresses behind a filtering firewall
that allows ICMP ECHO's through, but not SYN|ACK's ;)


-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+


