North American Network Operators Group

Re: ideas for half-open sync flood fixs
from the quill of [email protected] (Peter Cole) on scroll <[email protected]>

> fix 1. Doesn't the network respond with ICMP message to the attacked host
> telling it that the nonexistent host is unreachable. The attacked host could
> close a half open socket if it received an ICMP message with the corresponding
> host address and socket port data.

Ideally. A lot of firewalls silently drop packets which don't get past the security policy to make port scanning take much longer than it would if ICMPs were sent back. No resets, no ICMP unreachable.

b.

--
Brian J. Murrell [email protected]
BCTel Advanced Communications [email protected]
Vancouver, B.C. [email protected]
604 454 5279
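The fix proposed in the quoted message and the limitation raised in the reply, modeled as an added example (not code from the thread or from any real TCP stack): a half-open table that frees an entry when an ICMP destination-unreachable quoting the victim's own SYN-ACK arrives, and falls back to a timer when a firewall on the path drops silently. The class and function names, the 75-second timeout, the sequence-number check, and the sample addresses are assumptions of this example.

```python
import socket
import struct

def build_icmp_unreachable(local_ip, remote_ip, lport, rport, seq):
    # Constructed sample: ICMP type 3 quoting the IP header + first 8 TCP bytes of our SYN-ACK.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(local_ip), socket.inet_aton(remote_ip))
    return struct.pack("!BBHI", 3, 1, 0, 0) + ip + struct.pack("!HHI", lport, rport, seq)

def parse_unreachable(pkt):
    # Returns ((remote_ip, remote_port, local_port), seq) or None if not a usable type 3 message.
    if len(pkt) < 8 + 20 + 8 or pkt[0] != 3:
        return None
    ihl = (pkt[8] & 0x0F) * 4
    if pkt[8] >> 4 != 4 or ihl < 20 or len(pkt) < 8 + ihl + 8 or pkt[8 + 9] != 6:
        return None
    remote_ip = socket.inet_ntoa(pkt[8 + 16:8 + 20])   # destination of the quoted SYN-ACK
    lport, rport, seq = struct.unpack("!HHI", pkt[8 + ihl:8 + ihl + 8])
    return (remote_ip, rport, lport), seq

class SynBacklog:
    def __init__(self, timeout=75.0):                  # assumed handshake timeout, seconds
        self.timeout = timeout
        self.half_open = {}                            # key -> (our initial seq, created_at)

    def on_syn(self, remote_ip, remote_port, local_port, iss, now):
        self.half_open[(remote_ip, remote_port, local_port)] = (iss, now)

    def on_icmp(self, pkt):
        parsed = parse_unreachable(pkt)
        # Require address, ports and the quoted sequence number to match our SYN-ACK,
        # so an unrelated or blindly forged ICMP cannot evict an entry.
        if parsed is None or self.half_open.get(parsed[0], (None,))[0] != parsed[1]:
            return False
        del self.half_open[parsed[0]]
        return True

    def expire(self, now):
        before = len(self.half_open)
        self.half_open = {k: v for k, v in self.half_open.items() if now - v[1] < self.timeout}
        return before - len(self.half_open)

def demo():
    b = SynBacklog()
    b.on_syn("192.0.2.10", 40000, 80, 1000, now=0.0)   # path returns ICMP unreachable
    b.on_syn("192.0.2.11", 40001, 80, 2000, now=0.0)   # firewall drops silently: no ICMP, no RST
    freed = b.on_icmp(build_icmp_unreachable("198.51.100.5", "192.0.2.10", 80, 40000, 1000))
    return freed, len(b.half_open), b.expire(now=75.0)
```

`demo()` frees the first entry on the ICMP message, while the second stays in the table until the timer removes it, which is the case the reply describes.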