Great Circle Associates Firewalls
(September 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: SYN floods - possible solution?
From: Paul Ferguson <pferguso @ cisco . com>
Date: Sat, 14 Sep 1996 08:17:22 -0400
To: Adam Shostack <adam @ homeport . org>
Cc: murchiso @ vivid . newbridge . com, firewall-1 @ applicom . co . il, firewalls @ GreatCircle . COM 
At 09:12 AM 9/13/96 -0500, Adam Shostack wrote:

>There may be real connections from machines which can not be
>pinged.
>
>If your firewall is a smart relay, it could send a rst after a short
>time without seeing an inbound SYN/ACK.
>

This is an approach that some folks have been discussing; offloading
the SYN->ACK responsibility to a proxy which verifies reachability
of the originator.

- paul
Indexed By Date Previous: Re: SecurID White Paper - A Comment
From: vin @ shore . net (Vin McLellan)
Next: DEC firewalls
From: Janus4u @ aol . com
Indexed By Thread Previous: Re: SYN floods - possible solution?
From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Next: Re: SYN floods - possible solution?
From: "Daniel J Blander - Sr. Systems Engineer for ACS" <Daniel . Blander @ ACSacs . Com>
Google
 
Search Internet Search www.greatcircle.com