North American Network Operators Group

Re: Re[4]: SYN floods (was: does history repeat itself?)
Pat Calhoun writes:
>
> Alexis,
>
> However if you are filtering on your outbound router to the net,
> there is still the possibility that a malicious user could spoof
> addresses as long as they belong to your address space. By moving the
> filter out to the edge (when you have the equipment) this eliminates
> that problem as well.

This is true, but if it is a valid host, the invalid SYNs will do nothing, because the source host will send a RST and the almost-connection will be torn down. And if it isn't a valid host, it will still be _much_ easier to track, because you know in general where it's coming from.

Alec

--
+------------------------------------+--------------------------------------+
|Alec Peterson - [email protected]   | Panix Public Access Internet and UNIX|
|Network Administrator/Architect     | New York City, NY                    |
+------------------------------------+--------------------------------------+
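The two filter placements discussed in this exchange, modelled as an added example that is not part of the original message: it classifies spoofed SYNs leaving one customer port by whether the filter drops them, a live host resets them, or they linger half-open at the victim. The prefixes, port names and addresses are constructed, and the model assumes a live host answers an unexpected SYN-ACK with a RST.

```python
from ipaddress import ip_address, ip_network

# All addresses below are constructed (RFC 5737 documentation ranges).
PROVIDER_SPACE = ip_network("192.0.2.0/24")      # the provider's whole block
EDGE_PREFIX = {                                  # prefix assigned to each edge port
    "cust-a": ip_network("192.0.2.0/28"),
    "cust-b": ip_network("192.0.2.16/28"),
}
LIVE_HOSTS = {ip_address("192.0.2.20")}          # up, and will RST a stray SYN-ACK


def permitted(src, port, filter_at):
    """Source-address check at the border (whole block) or the edge (per port)."""
    allowed = PROVIDER_SPACE if filter_at == "border" else EDGE_PREFIX[port]
    return src in allowed


def spoofed_syn_outcomes(port, claimed_sources, filter_at):
    """Classify spoofed SYNs sent from `port` toward an outside victim.

    dropped   - the filter discarded the packet before it left the network
    reset     - the victim's SYN-ACK reached a live host, which answered RST
    half_open - nobody answered; the entry waits in the victim's backlog
    """
    out = {"dropped": [], "reset": [], "half_open": []}
    for text in claimed_sources:
        src = ip_address(text)
        if not permitted(src, port, filter_at):
            out["dropped"].append(text)
        elif src in LIVE_HOSTS:
            out["reset"].append(text)
        else:
            out["half_open"].append(text)
    return out


if __name__ == "__main__":
    # Claimed sources: a live neighbour, an unused in-block address, an outside address.
    claimed = ["192.0.2.20", "192.0.2.25", "198.51.100.7"]
    for where in ("border", "edge"):
        print(where, spoofed_syn_outcomes("cust-a", claimed, where))
```

With the border filter only the unused in-block address is left half-open, and its source is still confined to the provider's block; with the edge filter all three are dropped at the customer port.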