North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Denial of Service Attack on Panix

  • From: Tim Bass
  • Date: Mon Sep 16 21:05:02 1996

Micheal Dillon suggests:

> There are at least three things you can do to protect yourself from such
> attacks. One is to patch your UNIX/BSD kernel to allow much higher numbers
> of incomplete socket connections. One is to have another machine or your
> network issue RST's for sockets that it thinks are part of the SYN flood
> attack. And one is to install a SYN proxy machine between your net and the
> Internet which catches all SYN packets and holds them until an ACK is
> received at which point the SYN and the ACK are passed on to your network. 
> Such a proxy can be built to handle HUGE numbers of incomplete conections.

Great suggestion Mike!  Much quicker to do than a stochastic analysis
of the pseudo-random nature of the attack (unless your the US goverment :-)
and much cheaper to implement (unless your the US goverment :-)

Certainly the UNIX proxy hack is easier than resorting to code-breaking,
stochastic methods.

Hats off to you,

Tim

- - - - - - - - - - - - - - - - -