Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is there a line of defense against Distributed Reflective attacks?

  • From: Rob Thomas
  • Date: Thu Jan 16 23:06:57 2003 
] Because syn cookies are available on routing gear??? Either way syn
] cookies are not going to keep the device from sending a 'syn-ack' to the
] 'originating host'.

Agreed.  SYN cookies also won't drain a pipe full of malevolent packets.
Any response the target is able to send during a TCP amplification
attack is a bonus prize, but is not required for the attack to succeed.

-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.