Great Circle Associates Firewalls
(September 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: SYN floods - possible solution?(update)
From: scs @ lokkur . dexter . mi . us (Steve Simmons)
Organization: Inland Sea
Date: 13 Sep 1996 11:41:33 -0400
To: firewalls @ GreatCircle . COM
Distribution: local
Newsgroups: local.firewalls
References: <Pine . SOL . 3 . 95 . 960913110653 . 16566A-100000 @ tartarus> 
"Roderick Murchison, Jr." <murchiso @
 vivid .
 newbridge .
 com> writes:

>That's where the filtering comes in.  We would detect and halt a large
>grouping of SYN's with the same source IP and drop them.  THis still does
>not protect the firewall from getting hit with a flurry of SYN's with
>random source IP's, but it should keep the firewall from being used as a
>proxy for the attack.

Yes, if you record the source address you solve this problem.
-- 
  "Yea, the heavens shall open and the NP-complete solution given forth.
ATT executives shall give birth to two-headed operating systems, and 
copyrights shall be expunged.  The voice of the GNU shall be heard, but
the faithless will be without transcievers."   -- me
Follow-Ups:
References:
Indexed By Date Previous: Re: SYN floods - possible solution?(update)
From: "Roderick Murchison, Jr." <murchiso @ vivid . newbridge . com>
Next: Re: SNMP scan
From: Wayne Gifford Sun Internet Commerce Group <giff @ sundc . East . Sun . COM>
Indexed By Thread Previous: Re: SYN floods - possible solution?(update)
From: "Roderick Murchison, Jr." <murchiso @ vivid . newbridge . com>
Next: Re: SYN floods - possible solution?(update)
From: Blast <blast @ worldbit . com>
Google
 
Search Internet Search www.greatcircle.com