BSDI announcement about defense against syn-flooding attacks

William Sommers sommers at sfo.com
Fri Oct 4 00:15:56 UTC 1996


On Thu, 3 Oct 96 16:35:13 PDT  Rob Liebschutz wrote:

 > They've made a big announcement about it, but the code doesn't yet
 > appear to be on their ftp site. The announcement does not describe
 > what approach they took to solving the problem (presumably something
 > more then their existing patch for the larg PCB hash table).  See
 > http://www.bsdi.com/press/19961002.html for the full announcement.
 >
 > It scares me to think how much effort has gone into defense against
 > this one denial of service attack when there are endless possibilities
 > for other ones.

Actually, they released a number of patches all at once, including (quoting 
the notice just sent out by polk at bsdi.com):

  The remainder of the patches (K210-021, K210-022, and U210-025)
  add support for IP source checking, and for reducing and/or
  eliminating problems associated with SYN attacks, IP fragment
  attacks, and some other denial of service/looped server attacks.

Unfortunately, these are available only for BSD/OS 2.1 -- nothing for prior 
releases.


 William Sommers
 San Francisco Online
 Televolve, Inc.
 sommers at sfo.com







More information about the NANOG mailing list