"Roderick Murchison, Jr." <murchiso @
>That's where the filtering comes in. We would detect and halt a large
>grouping of SYN's with the same source IP and drop them. THis still does
>not protect the firewall from getting hit with a flurry of SYN's with
>random source IP's, but it should keep the firewall from being used as a
>proxy for the attack.
Yes, if you record the source address you solve this problem.
"Yea, the heavens shall open and the NP-complete solution given forth.
ATT executives shall give birth to two-headed operating systems, and
copyrights shall be expunged. The voice of the GNU shall be heard, but
the faithless will be without transcievers." -- me