TCP SYN attacks
Avi Freedman
freedman at netaxs.com
Thu Oct 3 19:40:19 UTC 1996
> On Thu, 3 Oct 1996, Ran Atkinson wrote:
>
> > >Dima Volodin writes:
> > >> Now can I hold my breath waiting for vendors to incorporate this stuff
> > >> into their products?
> >
> > At least BSDI, Sun, SGI, and HP are working on TCP SYN hardening.
> > (yes, cisco is also on top of things :-).
> >
> > I have no data on what might be up at other vendors.
>
> the linux ip folk have released at least one patch (available near
> http://www.uk.linux.org/NetNews.html) that holds off the problem for a
> bit. it has a larger infant connection queue and drops some off the end
> if its under attack. There has also been some talk of doing much more
> 'sneaky' stuff. i.e. encoding cookies in rsts instead of sending
> synacks..
Yes. This is the approach I like.
Store the mss info either in toto or in a table of "mss values I have
seen" as some # of bits of the iss and the rest is a one-way hard-to-guess
hash of some sort of the rest of the data (a rotating secret #, src/dest ips
and ports etc...);
> zach
Avi
More information about the NANOG
mailing list