North American Network Operators Group

Re: New Denial of Service Attack on Panix
Tim writes:
>> There are at least three things you can do to protect yourself from such
>> attacks. One is to patch your UNIX/BSD kernel to allow much higher numbers
>> of incomplete socket connections. One is to have another machine or your
>> network issue RST's for sockets that it thinks are part of the SYN flood
>> attack. And one is to install a SYN proxy machine between your net and the
>> Internet which catches all SYN packets and holds them until an ACK is
>> received at which point the SYN and the ACK are passed on to your network.
>> Such a proxy can be built to handle HUGE numbers of incomplete connections.
>
>Great suggestion Mike! Much quicker to do than a stochastic analysis
>of the pseudo-random nature of the attack (unless you're the US government :-)
>and much cheaper to implement (unless you're the US government :-)
>Certainly the UNIX proxy hack is easier than resorting to code-breaking,
>stochastic methods.
>Hats off to you,

I'm not sure it's even possible to analyze the pseudo-random
shifting attack (among other problems, there will be legitimate
traffic in the stream, so knowing what SYNs are bad is a pain)
in anything approaching realtime, so yes, one of the other
methods is a much better choice 8-)

-george william herbert
[email protected]
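
The SYN proxy idea quoted in this message, modelled as an added example that is not part of the original thread or anyone's posted code. It assumes the proxy answers each SYN with its own SYN-ACK; the class name, timeout, capacity and all sample flows are constructed for illustration.

```python
from collections import OrderedDict

class SynProxy:
    """Toy model of a SYN proxy: half-open state lives here, not on the server."""
    def __init__(self, timeout=30.0, capacity=100_000):
        self.timeout = timeout        # seconds a held SYN may wait for its ACK
        self.capacity = capacity      # hard bound on the number of held SYNs
        self.pending = OrderedDict()  # flow -> (client_isn, proxy_isn, arrival)
        self.forwarded = []           # (flow, "SYN"/"ACK") passed to the inside net
        self._next_isn = 1000         # constructed; a real proxy needs unpredictable ISNs

    def _expire(self, now):
        # Entries are kept in arrival order, so stale ones sit at the front.
        while self.pending:
            flow, (_, _, t) = next(iter(self.pending.items()))
            if now - t < self.timeout:
                break
            del self.pending[flow]

    def on_syn(self, flow, client_isn, now):
        """Hold the SYN; return the sequence number of the proxy's SYN-ACK."""
        self._expire(now)
        self.pending.pop(flow, None)          # a retransmitted SYN replaces the old entry
        if len(self.pending) >= self.capacity:
            self.pending.popitem(last=False)  # table full: drop the oldest held SYN
        self._next_isn += 64000
        self.pending[flow] = (client_isn, self._next_isn, now)
        return self._next_isn

    def on_ack(self, flow, ack_no, now):
        """Release the held SYN plus this ACK only if the handshake completes."""
        self._expire(now)
        entry = self.pending.get(flow)
        if entry is None or ack_no != (entry[1] + 1) & 0xFFFFFFFF:
            return False                      # no held SYN, or ACK does not match
        del self.pending[flow]
        self.forwarded += [(flow, "SYN"), (flow, "ACK")]
        return True

def simulate():
    """Flood the proxy with SYNs that never complete, then one real handshake."""
    proxy = SynProxy(timeout=30.0, capacity=500)
    # Constructed traffic: 2000 SYNs from made-up sources, none followed by an ACK.
    for i in range(2000):
        proxy.on_syn((f"10.{i >> 8}.{i & 255}.1", 1024 + i), client_isn=i, now=i * 0.001)
    legit = ("192.0.2.7", 40000)              # constructed legitimate client
    isn = proxy.on_syn(legit, client_isn=42, now=2.5)
    ok = proxy.on_ack(legit, isn + 1, now=2.6)
    return ok, len(proxy.forwarded), len(proxy.pending)
```

In the simulated run the inside network sees only the two packets of the completed handshake, while the incomplete SYNs stay bounded in the proxy's table until they age out or are evicted.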