Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SYN floods (was: does history repeat itself?)

  • From: Vektor Sigma
  • Date: Mon Sep 09 21:29:59 1996

On Mon, 9 Sep 1996, Perry E. Metzger wrote:

> I think its time for the larger providers to start filtering packets
> coming from customers so that they only accept packets with the
> customer's network number on it. 
> 
> Yes, its a load on routers. Yes, its nasty for the mobile IP weenies.
> Unfortunately, the only known way to stop this.

On my private network I can send 600 or more SYN packets to my telnet port 
(w/faked, unreachable source addresses + random seq numbers), yet the 
port doesn't seem to be flooded.

It's a linux box.

The telnet daemon seems to be able to tell the difference between a faked 
packet and a real one.  Even when spoofing from localhost, it reports a 
connection from unknown.

Obviously, there seems to be a solution to this problem.  ??

--
Billy Biggs
Ottawa, Canada
- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.