Great Circle Associates Firewalls
(September 1996)

Subject: Re: SYN floods - possible solution?
From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Date: 16 Sep 96 10:04:48 EDT
To: firewalls <firewalls @ sybase . com>

I don't remember taking a vote about whether 
the solution had to be publicly available or not, but be that as it may...

I don't know if Firewall-1 will protect from 
SYN attacks right now, as-is, out of the box,
but it certainly could should it be
modified to do so.  The product is designed to 
handle thousands of connections at a time, whereas
the host computer apparently can't (of this type anyhow).
The difference is that the Firewall-1 machine doesn't
use the connections itself, it just keeps track of them.
It could accept the SYNs all day long, and have the 
timeout value set as high as you like, as long
as it had enough memory.

I don't work for Checkpoint, I just use their 
products.

   Ryan

---------- Previous Message ----------
To: Daniel.Blander
cc: firewalls
From: blast @ worldbit.com @ smtp
Date: 09/13/96 06:07:50 AM
Subject: Re: SYN floods - possible solution?

On Fri, 13 Sep 1996, Daniel J Blander - Sr. Systems Engineer for ACS wrote:

>
> Granted that I am no underlying code expert, but can not Firewall-1's
> code be tweaked to do this?  Since it handles all packets before they hit
> the actual ports, these checks can be input...and the code and header to the
> compile are open to "hack"...

This discussion is about having a publicly available resource and that
resource being exhausted because of this attack.

There is no way Firewall-1 can offer any more defence than the victim
host.  Keep in mind that these SYNs are not from a real person AND
they don't need to get back to the attacker.  All the attacker needs
to do is get a single packet to the victim at a reasonable rate.

I hope that is clear, I have not had my coffee yet.

--blast
   +--------------------------------------------------------------------+
   \    Tim Keanini    |         "The limits of my language,            /
   /    aka blast      |         are the limits of my world."           \
   \                   |         --Ludwig Wittgenstein                  /
   \                   +================================================/
   |Key fingerprint =  7B 68 88 41 A8 74 AB EC  F0 37 98 4C 37 F7 40 D6 |
   /    PUB KEY: http://www-swiss.ai.mit.edu/~bal/pks-commands.html     \
   \  <blast @ worldbit . com>                                          /
   +--------------------------------------------------------------------+
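Both posts above turn on one quantity: how many half-open entries a sustained rate of spoofed SYNs pins down for the length of the SYN timeout, and whether the box holding the table (victim host or connection-tracking firewall) has room for them. The model below is added here and is not part of the thread; the table sizes, SYN rates and timeouts are constructed values, not measurements of Firewall-1 or of any host.

```python
from collections import deque

def simulate_backlog(capacity, timeout_s, attack_rate, legit_rate, seconds):
    """Discrete-time (1 s step) model of a half-open connection table.

    Spoofed SYNs (attack_rate per second) never get their SYN-ACK answered,
    so each holds a slot for timeout_s seconds. Real clients (legit_rate
    per second) finish the handshake within the step and free their slot
    again, so they are refused only when the table is completely full.
    Returns (legit_accepted, legit_refused, peak_half_open).
    """
    half_open = deque()          # expiry times of spoofed entries, oldest first
    accepted = refused = peak = 0
    for t in range(seconds):
        while half_open and half_open[0] <= t:
            half_open.popleft()  # timed-out entries are reclaimed
        room = min(attack_rate, capacity - len(half_open))
        half_open.extend([t + timeout_s] * room)
        peak = max(peak, len(half_open))
        if len(half_open) < capacity:
            accepted += legit_rate
        else:
            refused += legit_rate
    return accepted, refused, peak

def entries_to_absorb(attack_rate, timeout_s):
    """Little's law: steady-state half-open entries needed to keep accepting
    connections under a sustained spoofed SYN rate. Whichever box holds the
    table must have room for at least this many, or it is the one exhausted."""
    return attack_rate * timeout_s

if __name__ == "__main__":
    # Constructed values: a small host backlog versus a large tracking table.
    HOST, FIREWALL, TIMEOUT = 128, 100_000, 75
    for label, cap, rate in [("host", HOST, 10),
                             ("firewall", FIREWALL, 10),
                             ("firewall", FIREWALL, 2_000)]:
        ok, refused, peak = simulate_backlog(cap, TIMEOUT, rate, 5, 300)
        print(f"{label:8} cap={cap:6} syn/s={rate:5} "
              f"need={entries_to_absorb(rate, TIMEOUT):7} "
              f"peak={peak:6} accepted={ok} refused={refused}")
    # A shorter timeout brings the steady-state need below the host's capacity.
    print("host, 10 s timeout:", simulate_backlog(HOST, 10, 10, 5, 300))
```

At 10 spoofed SYNs per second the host's 128-entry table fills within seconds while the larger tracking table absorbs the same stream; at 2,000 per second the larger table fills too, which is the point each side of the thread is making.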
