ideas for half-open sync flood fixs
Brian Murrell
Brian_Murrell at bctel.net
Fri Sep 20 17:02:02 UTC 1996
from the quill of peter at telescan.com (Peter Cole) on scroll
<199609201650.MAA10156 at merit.edu>
> fix 1. Doesn't the network respond with ICMP message to the attacked
> host
> telling it that the nonexistent host is unreachable. The attacked host
> could
> close a half open socket if it received a ICMP message with the
> corresponding
> host address and socket port data.
Ideally. A lot of firewalls silently drop packets which don't get past the
security policy to make port scanning take much longer than it would if
ICMP's were sent back. No resets, no ICMP unreachable.
b.
--
Brian J. Murrell Brian_Murrell at bctel.net
BCTel Advanced Communications brian at ilinx.com
Vancouver, B.C. brian at wimsey.com
604 454 5279
More information about the NANOG
mailing list