North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN floods (was: does history repeat itself?)
On Mon, 9 Sep 1996, Perry E. Metzger wrote: > I think its time for the larger providers to start filtering packets > coming from customers so that they only accept packets with the > customer's network number on it. > > Yes, its a load on routers. Yes, its nasty for the mobile IP weenies. > Unfortunately, the only known way to stop this. On my private network I can send 600 or more SYN packets to my telnet port (w/faked, unreachable source addresses + random seq numbers), yet the port doesn't seem to be flooded. It's a linux box. The telnet daemon seems to be able to tell the difference between a faked packet and a real one. Even when spoofing from localhost, it reports a connection from unknown. Obviously, there seems to be a solution to this problem. ?? -- Billy Biggs Ottawa, Canada - - - - - - - - - - - - - - - - -
|