North American Network Operators Group

Re: New Denial of Service Attack on Panix:
> This is the excellent idea!  Actually, router vendors may simply
> add a feature which shuts down the interface if SYN/SYN-ACK balance
> is too bad -- thus disconnecting the hacker-to-be.
>
> Of course, that balance may be decaying with time, so repeated
> unsuccessful attempts to connect won't trigger alarms.
>
> --vadim

Ah, that's fun if it's a XP interface we're talking about :)  Presumably
you wouldn't enable that option on one, though...

Avi

> Forrest W. Christian <[email protected]> wrote:
>
> Maybe I'm missing something here, but wouldn't these Denial of Service
> attacks cause a severe mismatch in the numbers of SYNs and SYN-ACKs on a
> given router interface?
>
> If so, then couldn't we just sweet-talk cisco into providing 5 minute
> counts of syns and syn-acks on an interface?

- - - - - - - - - - - - - - - - -
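The decaying SYN/SYN-ACK balance discussed in this thread, sketched as a per-interface detector. This is an added example, not code from any poster or router vendor. The interface names, the 60-second half-life, the threshold of 50 and the event tuples are constructed assumptions, and it only raises an alarm rather than shutting an interface down.

```python
import math

class SynBalance:
    """Decaying (SYN received - SYN-ACK sent) balance for one interface."""

    def __init__(self, half_life=60.0, threshold=50.0):
        self.rate = math.log(2) / half_life  # exponential decay per second
        self.threshold = threshold           # assumed alarm level
        self.score = 0.0
        self.last_ts = None

    def observe(self, ts, kind):
        """Feed one event; return True while the balance exceeds the threshold."""
        if self.last_ts is not None:
            self.score *= math.exp(-self.rate * (ts - self.last_ts))
        self.last_ts = ts
        if kind == "SYN":
            self.score += 1.0
        elif kind == "SYN-ACK":
            self.score = max(0.0, self.score - 1.0)
        return self.score > self.threshold


def first_alarm(events, **params):
    """Map each interface to the timestamp of its first alarm (None if none)."""
    trackers, alarms = {}, {}
    for ts, iface, kind in sorted(events):
        tracker = trackers.setdefault(iface, SynBalance(**params))
        alarms.setdefault(iface, None)
        if tracker.observe(ts, kind) and alarms[iface] is None:
            alarms[iface] = ts
    return alarms


def constructed_events():
    """Constructed sample: 'cust0' is ordinary traffic, 'cust1' floods from t=100."""
    events = []
    for t in range(300):
        events.append((t, "cust0", "SYN"))
        events.append((t + 0.05, "cust0", "SYN-ACK"))
        if t % 30 == 0:  # an occasional connection attempt that never completes
            events.append((t + 0.5, "cust0", "SYN"))
    for k in range(20 * 60):  # 20 unanswered SYNs per second for 60 s
        events.append((100 + k / 20, "cust1", "SYN"))
    return events


if __name__ == "__main__":
    print(first_alarm(constructed_events(), half_life=60.0, threshold=50.0))
```

Because the balance decays, the occasional unanswered SYN on `cust0` never accumulates to the threshold, while the sustained run of unanswered SYNs on `cust1` crosses it within a few seconds.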