North American Network Operators Group

Re: TCP SYN attacks
> On Thu, 3 Oct 1996, Ran Atkinson wrote:
>
> > >Dima Volodin writes:
> > >> Now can I hold my breath waiting for vendors to incorporate this stuff
> > >> into their products?
> >
> > At least BSDI, Sun, SGI, and HP are working on TCP SYN hardening.
> > (yes, cisco is also on top of things :-).
> >
> > I have no data on what might be up at other vendors.
>
> the linux ip folk have released at least one patch (available near
> http://www.uk.linux.org/NetNews.html) that holds off the problem for a
> bit. it has a larger infant connection queue and drops some off the end
> if it's under attack. There has also been some talk of doing much more
> 'sneaky' stuff. i.e. encoding cookies in rsts instead of sending
> synacks..

Yes. This is the approach I like. Store the mss info either in toto or in a table of "mss values I have seen" as some # of bits of the iss and the rest is a one-way hard-to-guess hash of some sort of the rest of the data (a rotating secret #, src/dest ips and ports etc...);

> zach

Avi
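The ISS encoding described in the reply above, sketched as an added example that is not part of the original post or of any vendor's code. Assumptions: a 2-bit index into a constructed MSS table, a 30-bit truncated HMAC-SHA256 as the one-way hash, and secret rotation modelled as an epoch counter mixed into the hash, with the current and previous epoch accepted.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed "MSS values I have seen" table; only the 2-bit index goes in the ISS.
MSS_TABLE = (536, 1220, 1440, 1460)
HASH_BITS = 30                      # remaining 30 bits carry the keyed hash
HASH_MASK = (1 << HASH_BITS) - 1


def _tag(secret, epoch, src, sport, dst, dport, client_isn, idx):
    """Truncated HMAC over the 4-tuple, client ISN, MSS index and epoch."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHIBQ", sport, dport, client_isn, idx, epoch))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_iss(secret, epoch, src, sport, dst, dport, client_isn, client_mss):
    """Server ISS for the SYN-ACK; nothing is stored per connection."""
    # Largest table entry not above the client's MSS, else the smallest entry.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    tag = _tag(secret, epoch, src, sport, dst, dport, client_isn, idx)
    return (idx << HASH_BITS) | tag


def check_ack(secret, epoch, src, sport, dst, dport, seq, ack):
    """Validate the handshake's final ACK; return the MSS or None."""
    iss = (ack - 1) & 0xFFFFFFFF         # the client acknowledges ISS + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's SYN consumed one number
    idx, tag = iss >> HASH_BITS, iss & HASH_MASK
    for e in (epoch, epoch - 1):         # current and previous rotation period
        if e < 0:
            continue
        want = _tag(secret, e, src, sport, dst, dport, client_isn, idx)
        if hmac.compare_digest(tag.to_bytes(4, "big"), want.to_bytes(4, "big")):
            return MSS_TABLE[idx]
    return None


if __name__ == "__main__":
    key = b"constructed-demo-secret"
    iss = make_iss(key, 7, "192.0.2.10", 40000, "198.51.100.5", 80, 1000, 1460)
    print(hex(iss), check_ack(key, 7, "192.0.2.10", 40000, "198.51.100.5", 80,
                              1001, (iss + 1) & 0xFFFFFFFF))
```

Because the server recomputes the hash from the returning ACK, no entry in the half-open connection queue is needed until the handshake completes.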