North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BSDI announcement about defense against syn-flooding attacks

  • From: Alexis Rosen
  • Date: Fri Oct 04 00:09:54 1996

Rob Liebschutz writes:
> It scares me to think how much effort has gone into defense against
> this one denial of service attack when there are endless possibilities
> for other ones.

Really? I don't think enough effort has been expended... which is why I'm
expending more.

Th point is not that we have to defeat the SYN attacks. We all know by now
that the severity of that problem is, at least for modern OSes, reduced
to a tolerable level (or will be soon). But these SYN attacks are just
the precursor to other even more dangerous attacks that all share one
characteristic: forged source addresses. If we can use this event to
raise consciousness about the forged-source issue, everyone wins big. And
if we don't... well, film at 11, as we say.

/a
- - - - - - - - - - - - - - - - -