On Thu, 12 Sep 1996, Blast wrote:
> This problem has kept me awake more than coffee. :-)
Ditto... I just woke up *again* with a kludgy but potential defense...
sorry if this is totally out of whack, but I'm really beat!
Ok. say you have a firewall between your network and your Internet
connection. If that firewall could detect and *detain* a segment with the
SYN option set, then see if the set source IP answers an ICMP echo
request, we could effectively determine whether or not the SYN could be
dropped at the firewall and not sent through to spam our hosts. If the
source responds, release the SYN and let it pass through to the intended
host. If it does not, trash the SYN and log the failure.
Some moderate tracking and aging methods could be employed to
intelligently quick-drop sources we know are recently offline, and lessen
the number of echo requests we send out.
Could this be a potential defense? If so, what products would be best
suited to implement this?
hope this helps,
Roderick Murchison, Jr. murchiso @
Newbridge Networks, Inc. office: (703) 708-5930
Product Manager - VIVID ACS fax: (703) 708-5937
Herndon, VA 22070-5241 http://www.vivid.newbridge.com
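The detain-the-SYN-and-probe scheme proposed in the message above, as an added Python simulation; this is not code from the thread, from Newbridge, or from any firewall product. It assumes an injected `probe` callback standing in for the ICMP echo request/reply, a `SynGate` class with hypothetical TTLs for the offline (quick-drop) and confirmed-alive lists, and constructed traffic using documentation address ranges.

```python
"""Simulation of a firewall that holds each inbound SYN, verifies the claimed
source with an echo probe, and caches failures so repeat SYNs are dropped
without probing again.  Hypothetical design; not a real product."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Syn:
    """Minimal view of a TCP segment with the SYN flag set."""
    src: str
    dst: str
    dport: int


class SynGate:
    """probe(src, now) -> bool stands in for 'send ICMP echo, wait for reply'.

    offline_ttl: how long a source that failed the probe stays on the
                 quick-drop list (the 'tracking and aging' in the message).
    alive_ttl:   how long a source that answered is trusted without re-probing,
                 which is what keeps probe volume below SYN volume.
    """

    def __init__(self, probe: Callable[[str, float], bool],
                 offline_ttl: float = 30.0, alive_ttl: float = 10.0) -> None:
        self.probe = probe
        self.offline_ttl = offline_ttl
        self.alive_ttl = alive_ttl
        self.offline_until: Dict[str, float] = {}   # src -> expiry time
        self.alive_until: Dict[str, float] = {}     # src -> expiry time
        self.log: List[Tuple[str, str]] = []        # (event, src) for the failure log
        self.probes_sent = 0

    def _expire(self, now: float) -> None:
        """Age out cache entries whose TTL has passed."""
        for table in (self.offline_until, self.alive_until):
            for src in [s for s, t in table.items() if t <= now]:
                del table[src]

    def handle(self, syn: Syn, now: float) -> str:
        """Return 'pass' (release the held SYN) or 'drop' (trash it and log)."""
        self._expire(now)
        if syn.src in self.offline_until:           # recently failed: no probe
            self.log.append(("quick-drop", syn.src))
            return "drop"
        if syn.src in self.alive_until:             # recently confirmed: no probe
            return "pass"
        self.probes_sent += 1                       # the detained SYN costs one echo request
        if self.probe(syn.src, now):
            self.alive_until[syn.src] = now + self.alive_ttl
            return "pass"
        self.offline_until[syn.src] = now + self.offline_ttl
        self.log.append(("probe-failed", syn.src))
        return "drop"


def simulate() -> Dict[str, int]:
    """Run constructed traffic through the gate and summarise the verdicts."""
    # Constructed reachability table standing in for the Internet's echo replies.
    reachable = {"10.0.0.5", "198.51.100.7"}

    def probe(src: str, now: float) -> bool:
        return src in reachable

    gate = SynGate(probe, offline_ttl=30.0, alive_ttl=10.0)
    traffic: List[Tuple[float, Syn]] = [
        (0.0, Syn("10.0.0.5", "10.0.0.80", 80)),    # legitimate client, answers echo
        (1.0, Syn("10.0.0.5", "10.0.0.80", 80)),    # second SYN hits the alive cache
    ]
    # Constructed flood: three sources that never answer, two SYNs each.
    for i in range(1, 4):
        traffic.append((2.0 + i, Syn(f"192.0.2.{i}", "10.0.0.80", 80)))
        traffic.append((2.5 + i, Syn(f"192.0.2.{i}", "10.0.0.80", 80)))
    traffic.append((40.0, Syn("192.0.2.1", "10.0.0.80", 80)))   # offline entry aged out: re-probed
    traffic.append((41.0, Syn("198.51.100.7", "10.0.0.80", 25)))  # new live source

    counts = {"pass": 0, "drop": 0}
    for now, syn in traffic:
        counts[gate.handle(syn, now)] += 1
    counts["probes_sent"] = gate.probes_sent
    counts["quick_drops"] = sum(1 for kind, _ in gate.log if kind == "quick-drop")
    return counts


if __name__ == "__main__":
    print(simulate())
```

The simulation makes the two costs of the scheme visible: every never-seen source costs the firewall one outbound echo request while its SYN sits in the hold queue, and only the offline cache keeps a repeated flood from becoming a proportional probe stream. Note also what the verdict does and does not establish: a "pass" means the claimed address answered echo, not that the SYN actually originated there, so the filter is a reachability check rather than a source-authenticity check.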