TCP SYN attacks

Avi Freedman freedman at netaxs.com
Fri Oct 4 00:50:51 UTC 1996


> I agree.
> 
> It seems to me that placing this processing in the firewall is
> *potentially* dangerous, as now a SYN-flooding attack (*IF*
> *successful*) will deny service to everything behind the firewall,
> instead of just the targeted host.
> 
> If I know I can fire-hose your firewall, and take your *site* off the
> net, then it might become more attractive to me to "find" sufficient
> CPU and bandwidth resources to generate enough packets to take you
> out.  This could "raise the stakes" enough to make it worth it to an
> attacker.

If someone can hose a firewall with an adaptive SYN timeout and
a 100,000 or more-entry state storage structure for pending SYNs
(not that any particular implementation does this that I know of 
or don't know of) then I *WANT* them to attack me.

Something that un-subtle should be easy to track back to the source.

> Tom E. Perrine (tep at SDSC.EDU) | San Diego Supercomputer Center 
> http://www.sdsc.edu/~tep/     | Voice: +1.619.534.5000
> "Ille Albus Canne Vinco Homines" - You Know Who

Avi
