TCP SYN attacks

• Previous message (by thread): TCP SYN attacks
• Next message (by thread): BSDI announcement about defense against syn-flooding attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Thu, 3 Oct 1996, Ran Atkinson wrote:
> 
> > >Dima Volodin writes:
> > >> Now can I hold my breath waiting for vendors to incorporate this stuff
> > >> into their products?
> >
> > At least BSDI, Sun, SGI, and HP are working on TCP SYN hardening.
> > (yes, cisco is also on top of things :-).
> >
> > I have no data on what might be up at other vendors.
> 
> the linux ip folk have released at least one patch (available near
> http://www.uk.linux.org/NetNews.html) that holds off the problem for a
> bit.  it has a larger infant connection queue and drops some off the end
> if its under attack.  There has also been some talk of doing much more
> 'sneaky' stuff.  i.e. encoding cookies in rsts instead of sending
> synacks..

Yes.  This is the approach I like.
Store the mss info either in toto or in a table of "mss values I have
seen" as some # of bits of the iss and the rest is a one-way hard-to-guess
hash of some sort of the rest of the data (a rotating secret #, src/dest ips 
and ports etc...);

> zach

Avi

• Previous message (by thread): TCP SYN attacks
• Next message (by thread): BSDI announcement about defense against syn-flooding attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]