North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re[6]: SYN floods (was: does history repeat itself?)
Alec, I agree but if the NAS has the ability of raising a flag if a malicious user (done with the user of a filter at the edge) tried to create havoc, it would make your life much easier in not only tracking, but possibly taking legal action. Pat R. Calhoun e-mail: [email protected] Project Engineer - Lan Access R&D phone: (847) 933-5181 US Robotics Access Corp. ______________________________ Reply Separator _________________________________ Subject: Re: Re[4]: SYN floods (was: does history repeat itself?) Author: "Alec H. Peterson" <[email protected]> at Internet Date: 9/10/96 5:05 PM Pat Calhoun writes: > > Alexis, > > However if you are filtering on your outbound router to the net, > there is still the possbility that a malicious user could spoof > addresses as long as they belong to your address space. By moving the > filter out to the edge (when you have the equipment) this eliminates > that problem as well. This is true, but if it is a valid host, the invalid SYNs will do nothing, because the source host will send a RST and the almost-connection will be torn down. And if it isn't a valid host, it will still be _much_ easier to track, because you know in general where it's coming from. Alec -- +------------------------------------+--------------------------------------+ |Alec Peterson - [email protected] | Panix Public Access Internet and UNIX| |Network Administrator/Architect | New York City, NY | +------------------------------------+--------------------------------------+ Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP (IMA Internet Exchange 2.02 Enterprise) id 23485B30; Mon, 9 Sep 96 16:01:39 -0500 Received: from panix2.panix.com by usr.com (8.7.5/3.1.090690-US Robotics) id QAA23411; Tue, 10 Sep 1996 16:05:00 -0500 (CDT) Received: (from [email protected]) by panix2.panix.com (8.7.5/8.7/PanixU1.3) id RAA20652; Tue, 10 Sep 1996 17:05:21 -0400 (EDT) From: "Alec H. Peterson" <[email protected]> Message-Id: <[email protected]> Subject: Re: Re[4]: SYN floods (was: does history repeat itself?) To: [email protected] (Pat Calhoun) Date: Tue, 10 Sep 1996 17:05:21 -0400 (EDT) Cc: [email protected], [email protected], [email protected] In-Reply-To: <[email protected]> from "Pat Calhoun" at Sep 10, 96 01:21:45 pm X-Mailer: ELM [version 2.4 PL24 ME8b] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit
|