North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re[6]: SYN floods (was: does history repeat itself?)

  • From: Pat Calhoun
  • Date: Wed Sep 11 11:29:03 1996 
     Alec,
     
        I agree but if the NAS has the ability of raising a flag if a 
     malicious user (done with the user of a filter at the edge) tried to 
     create havoc, it would make your life much easier in not only 
     tracking, but possibly taking legal action.
     
     Pat R. Calhoun                                e-mail: [email protected] 
     Project Engineer - Lan Access R&D                phone: (847) 933-5181 
     US Robotics Access Corp.

______________________________ Reply Separator _________________________________
Subject: Re: Re[4]: SYN floods (was: does history repeat itself?)
Author:  "Alec H. Peterson" <[email protected]> at Internet
Date:    9/10/96 5:05 PM


Pat Calhoun writes:
>
>     Alexis,
>     
>        However if you are filtering on your outbound router to the net, 
>     there is still the possbility that a malicious user could spoof 
>     addresses as long as they belong to your address space. By moving the 
>     filter out to the edge (when you have the equipment) this eliminates 
>     that problem as well.
     
This is true, but if it is a valid host, the invalid SYNs will do 
nothing, because the source host will send a RST and the 
almost-connection will be torn down.  And if it isn't a valid host, it 
will still be _much_ easier to track, because you know in general where 
it's coming from.
     
Alec
     
-- 
+------------------------------------+--------------------------------------+ 
|Alec Peterson - [email protected]   | Panix Public Access Internet and UNIX| 
|Network Administrator/Architect     | New York City, NY                    | 
+------------------------------------+--------------------------------------+
Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP
  (IMA Internet Exchange 2.02 Enterprise) id 23485B30; Mon, 9 Sep 96 16:01:39
-0500
Received: from panix2.panix.com by usr.com (8.7.5/3.1.090690-US Robotics)
	id QAA23411; Tue, 10 Sep 1996 16:05:00 -0500 (CDT)
Received: (from [email protected]) by panix2.panix.com (8.7.5/8.7/PanixU1.3) id
RAA20652; Tue, 10 Sep 1996 17:05:21 -0400 (EDT)
From: "Alec H. Peterson" <[email protected]>
Message-Id: <[email protected]>
Subject: Re: Re[4]: SYN floods (was: does history repeat itself?)
To: [email protected] (Pat Calhoun)
Date: Tue, 10 Sep 1996 17:05:21 -0400 (EDT)
Cc: [email protected], [email protected], [email protected]
In-Reply-To: <[email protected]> from "Pat Calhoun" at Sep 10, 96 01:21:45
pm
X-Mailer: ELM [version 2.4 PL24 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit