North American Network Operators Group

Re: DoS, ICMP, proxies, SYNDefender
See Jeff Weisberg's post to nanog yesterday. It can be solved in tcp_input.c, even for tens of thousands of syn packets/second. Just keep no state until the syn/ack comes back (and with a valid hash matching one you would have supplied as an initial seq number).

Avi

> Dimo laments:
> Yep. Life sucks and we all die.
>
> Victor Hugo, _The Hunchback of Notre Dame_ and _Les Miserables_
> both inspired by the author seeing the word FATALITY graphically
> painted on a wall in Paris. (I highly recommend _Les Miserables_)
> Jean Valjean, the man who, for stealing a loaf of bread to
> feed a starving family, lives out his entire life in misery...
> ... hence, FATALITY (set in Paris in the early 1800s)
>
> Anyway .....
>
> I'll drop off unless someone can provide a technical suggestion
> on an algorithm that will stop high speed TCP SYN attacks
> in tcp_input.c (otherwise, I'm not moving toward my aim/target)
>
> What is the IPV6 approach to solving this problem? Is there one?
>
> Regards,
>
> Tim
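The stateless handshake check described in the reply above, as an added user-space sketch that is not code from this thread, from Jeff Weisberg's post, or from any TCP stack. The HMAC-SHA256 hash, the time-slot constants and the function names are assumptions made for illustration; a real stack would also have to encode options such as the MSS.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # assumption: a real stack uses a random per-boot key
SLOT_SECONDS = 64                 # assumption: width of one time slot
MAX_AGE_SLOTS = 1                 # accept the current slot and the one before it


def _isn(src, sport, dst, dport, client_isn, slot):
    """4-byte keyed hash over the connection 4-tuple, client ISN and time slot."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIQ", sport, dport, client_isn, slot)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:4]


def on_syn(src, sport, dst, dport, client_isn, now):
    """Handle a SYN: return the ISN to send in the SYN/ACK and store nothing."""
    slot = int(now) // SLOT_SECONDS
    return struct.unpack("!I", _isn(src, sport, dst, dport, client_isn, slot))[0]


def on_ack(src, sport, dst, dport, seq, ack, now):
    """Handle the final ACK: True only if ack-1 is an ISN this host issued recently."""
    client_isn = (seq - 1) & 0xFFFFFFFF                 # client's original ISN
    claimed = struct.pack("!I", (ack - 1) & 0xFFFFFFFF)  # ISN the client says we sent
    slot = int(now) // SLOT_SECONDS
    for s in range(max(slot - MAX_AGE_SLOTS, 0), slot + 1):
        expected = _isn(src, sport, dst, dport, client_isn, s)
        if hmac.compare_digest(expected, claimed):
            return True   # hash matches: only now allocate connection state
    return False          # forged or stale ACK: drop it, nothing was ever stored
```

Memory use under a SYN flood stays constant because `on_syn` allocates nothing; the cost per packet is one hash computation.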