New Denial of Service Attack on Panix
Dima Volodin
dvv at sprint.net
Thu Oct 3 15:21:37 UTC 1996
Now can I hold my breath waiting for vendors to incorporate this stuff
into their products? Has anybody heard anything from Sun on this
matter?
Dima
Mike O'Dell writes:
>
> Vern Schryver at SGI has been running experiments and
> the conclusions are pretty compelling.
>
> Have the listen queue do Random Drop of waiting connections.
> If the queue size is equal or greater than the attack rate
> times the expected round-trip time, the probability of a
> real session connecting on the first SYN is very close to one.
>
> Note this performs much better than "oldest drop" (aka FIFO).
>
> In his tests, a machine sustained a 1200 SYN/second attack
> with no observable impact in system performance. With a
> queue size of 383, from a machine 250 msec round-trip thousands
> of connections completed with only a handful of initial SYN
> retransmissions (again, with a 1200 SYN/sec attack).
>
> Best way to make the bogons leave is to make it not fun anymore.
>
> This certainly seems to accomplish the goal.
>
> -mo
>
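The quoted argument (a random-drop listen queue sized against attack rate times round-trip time, versus oldest-drop/FIFO) can be checked with a small queue simulation. The following is an added example written for this archive page; it is not code from the thread, from Mike O'Dell, or from the SGI experiments. It assumes an idealized model: the attacker has already saturated the listen queue with half-open entries that never complete, entries leave the queue only by eviction or by the legitimate client's ACK arriving one RTT after its SYN, the attack rate is constant, and there is no client SYN retransmission. Under those assumptions a legitimate entry survives each of the n = rate * RTT attack arrivals with probability 1 - 1/Q, so its first-SYN success is (1 - 1/Q)^n for random drop and exactly 1 or 0 for FIFO depending on whether Q > n. The parameters 1200 SYN/s, 250 ms and a queue of 383 are taken from the post; the model's figures are not the SGI measurements, which came from a real stack with retransmitting clients.

```python
from collections import deque
import random

LEGIT, BOGUS = "legit", "bogus"


class ListenQueue:
    """Toy listen queue holding half-open (SYN_RCVD) entries.

    policy: "fifo" evicts the oldest entry when full ("oldest drop"),
            "random" evicts a uniformly chosen entry ("random drop").
    """

    def __init__(self, capacity, policy, rng):
        self.capacity = capacity
        self.policy = policy
        self.rng = rng
        self.entries = deque()

    def evict(self):
        if self.policy == "fifo":
            self.entries.popleft()
        elif self.policy == "random":
            # Order is irrelevant under random drop, so overwrite the chosen
            # slot with the last entry and pop: O(1) random removal.
            i = self.rng.randrange(len(self.entries))
            self.entries[i] = self.entries[-1]
            self.entries.pop()
        else:
            raise ValueError("unknown policy: %r" % self.policy)

    def admit(self, entry):
        """A SYN arrives: make room if the queue is full, then enqueue."""
        if len(self.entries) >= self.capacity:
            self.evict()
        self.entries.append(entry)


def analytic_random(capacity, attack_rate, rtt):
    """Closed form for random drop: survive n = rate*rtt evictions at 1/Q each."""
    n = attack_rate * rtt
    return (1.0 - 1.0 / capacity) ** n


def first_syn_success(capacity, attack_rate, rtt, policy, trials=1000, seed=7):
    """Monte Carlo estimate of P(legitimate SYN still queued when its ACK arrives).

    Constructed scenario per trial: queue pre-filled with bogus entries, one
    legitimate SYN arrives, then rate*rtt bogus SYNs arrive during the RTT.
    """
    rng = random.Random(seed)
    arrivals_per_rtt = int(attack_rate * rtt)
    completed = 0
    for _ in range(trials):
        q = ListenQueue(capacity, policy, rng)
        for _ in range(capacity):
            q.admit(BOGUS)          # attacker saturated the queue first
        q.admit(LEGIT)              # real client's SYN; ACK due one RTT later
        for _ in range(arrivals_per_rtt):
            q.admit(BOGUS)          # attack continues while we wait for the ACK
        completed += LEGIT in q.entries
    return completed / trials


def compare(attack_rate=1200, rtt=0.25, capacities=(128, 256, 383, 1024)):
    """Table of first-SYN success for both policies at several queue sizes."""
    rows = []
    for cap in capacities:
        rows.append({
            "capacity": cap,
            "fifo": first_syn_success(cap, attack_rate, rtt, "fifo"),
            "random": first_syn_success(cap, attack_rate, rtt, "random"),
            "random_analytic": analytic_random(cap, attack_rate, rtt),
        })
    return rows


if __name__ == "__main__":
    print("attack 1200 SYN/s, RTT 250 ms -> 300 attack SYNs per RTT")
    for row in compare():
        print("Q=%4d  fifo=%.3f  random=%.3f  (analytic %.3f)" % (
            row["capacity"], row["fifo"], row["random"], row["random_analytic"]))
```

Two things show up when this runs. Oldest-drop is a cliff: with 300 attack SYNs per RTT it completes nothing at Q=128 or 256 and everything once Q exceeds 300. Random drop degrades gracefully below that threshold (a real session still has a chance at Q=128) but, under this model, approaches one only when Q is many times rate times RTT, since the attacker's SYNs keep displacing random entries, including the legitimate one, for as long as the queue stays full.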