New Denial of Service Attack on Panix

Dima Volodin dvv at sprint.net
Thu Oct 3 15:21:37 UTC 1996


Now can I hold my breath waiting for vendors to incorporate this stuff
into their products? Has anybody heard anything from Sun on this
matter?


Dima

Mike O'Dell writes:
> 
> Vern Schriver at SGI has been running experiments and
> the conclusions are pretty compelling.
> 
> Have the listen queue do Random Drop of waiting connections.
> If the queue size is equal or greater than the attack rate
> times the expected round-trip time, the probability of a
> real session connecting on the first SYN is very close to one.
> 
> Note this performs much better than "oldest drop" (aka FIFO).
> 
> In his tests, a machine sustained a 1200 SYN/second attack
> with no observable impact on system performance.  With a
> queue size of 383, from a machine 250 msec round-trip thousands
> of connections completed with only a handful of initial SYN
> retransmissions (again, with a 1200 SYN/sec attack).
> 
> Best way to make the bogons leave is to make it not fun anymore.
> 
> This certainly seems to accomplish the goal.
> 
> 	-mo
> 
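To make the comparison in Mike's quoted message reproducible, here is a small discrete-event simulation of the two listen-queue policies he names: "oldest drop" (FIFO) and random drop. It is an added example written for this archive page, not code from the NANOG thread, from SGI, or from any vendor stack. The queue size (383), attack rate (1200 SYN/s) and round-trip time (250 ms) default to the figures in the message; the rate of legitimate clients, the run length, the warm-up period and the 75-second half-open timeout are assumptions, and all traffic is generated inline from a seeded random number generator. The analytic helper `survival_probability` is likewise an added derivation: while the queue is full every arriving SYN evicts one uniformly chosen entry, so a real client's entry has to survive roughly `arrival_rate * rtt` evictions, each of which hits it with probability `1/queue_size`.

```python
"""Toy simulation of listen-queue drop policies under a SYN flood.

Added example; not the thread's or SGI's code.  Queue size, attack rate and
RTT default to the figures quoted in the message.  The real-client rate,
run length, warm-up and the half-open timeout are assumptions.
"""
import heapq
import random

SYN_RCVD_TIMEOUT = 75.0   # seconds a half-open entry may sit in the queue (assumed)


def survival_probability(queue_size, arrival_rate, rtt):
    """Analytic estimate for random drop.

    While the queue is full, each arriving SYN evicts one entry chosen
    uniformly at random.  A real client's entry must outlive about
    arrival_rate * rtt such evictions, each removing it w.p. 1/queue_size.
    """
    evictions = arrival_rate * rtt
    return (1.0 - 1.0 / queue_size) ** evictions


def simulate(policy, queue_size=383, attack_rate=1200.0, rtt=0.25,
             real_rate=20.0, duration=4.0, warmup=1.0, seed=1):
    """Return the fraction of real clients whose FIRST SYN completes the
    handshake.  policy is "fifo" (evict the oldest entry) or "random".

    Attack SYNs arrive as a Poisson process from t=0 until the last real
    ACK could arrive; real SYNs start after the warm-up (so the queue is
    already full) and each one's ACK comes back rtt seconds later.  All
    input is constructed here from the seeded RNG.
    """
    if policy not in ("fifo", "random"):
        raise ValueError("policy must be 'fifo' or 'random'")
    rng = random.Random(seed)
    events = []            # (time, seq, kind, conn_id); seq breaks ties
    seq = 0
    t = 0.0
    while True:
        t += rng.expovariate(attack_rate)
        if t > warmup + duration + rtt:
            break
        heapq.heappush(events, (t, seq, "syn", None))   # spoofed, never ACKed
        seq += 1
    clients = 0
    t = warmup
    while True:
        t += rng.expovariate(real_rate)
        if t > warmup + duration:
            break
        heapq.heappush(events, (t, seq, "syn", clients))
        heapq.heappush(events, (t + rtt, seq + 1, "ack", clients))
        seq += 2
        clients += 1

    queue = []             # half-open entries (conn_id, arrival_time), oldest first
    completed = 0
    while events:
        t, _, kind, cid = heapq.heappop(events)
        if kind == "syn":
            # reap timed-out entries; entries are appended in time order,
            # so the oldest is always at index 0 regardless of policy
            while queue and t - queue[0][1] >= SYN_RCVD_TIMEOUT:
                queue.pop(0)
            if len(queue) >= queue_size:
                victim = 0 if policy == "fifo" else rng.randrange(len(queue))
                queue.pop(victim)
            queue.append((cid, t))
        else:
            # third packet of the handshake: succeeds only if the entry survived
            for i, entry in enumerate(queue):
                if entry[0] == cid:
                    queue.pop(i)
                    completed += 1
                    break
    return completed / clients if clients else 0.0


if __name__ == "__main__":
    # sweep the attack rate past the point where FIFO can no longer hold an
    # entry for one RTT (queue_size / total_rate < rtt)
    for rate in (600.0, 1200.0, 2400.0, 4800.0):
        print(f"{rate:6.0f} SYN/s  fifo={simulate('fifo', attack_rate=rate):.2f}"
              f"  random={simulate('random', attack_rate=rate):.2f}"
              f"  analytic={survival_probability(383, rate + 20.0, 0.25):.2f}")
```

The sweep brings out the behaviour a practitioner cares about: under oldest-drop a real entry is evicted after exactly `queue_size` further arrivals, so success is all-or-nothing depending on whether `queue_size / total_rate` exceeds the RTT, whereas random drop degrades gradually and gives every SYN, including a client's retransmissions, an independent chance. The fraction that gets through on the first SYN under random drop is governed by the ratio of `attack_rate * rtt` to `queue_size`, which `survival_probability` lets you check against your own link's RTT and the rate you expect to absorb.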

More information about the NANOG mailing list