DoS, ICMP, proxies, SYNDefender

Michael Dillon michael at memra.com
Fri Oct 4 20:25:48 UTC 1996


On Fri, 4 Oct 1996, Tim Bass wrote:

> Also, you have not responded by a valid technical question, but
> are hand-waving... I'll ask again.  How do you propose a hack
> can do these three things at the same time.

This is not the right forum to discuss TCP internals nor is it the right
forum to discuss building hardened kernels

There are already lots of people working on fixing the SYN problems.
Implementations are available for SunOS, FreeBSD, NetBSD, BSDI, Linux,
IRIX and perhaps others. Solaris can be protected by adjusting kernel
resources with the ndd command. HP, SCO and others have announced that
they have teams working on a fix. Most firewall companies are working on a
solution for those sites protected by firewalls; two have announced
available products.

So what is it you are trying to do here? And why are you trying to do it
here of all places?

> I would appreciate it if you would not give credit to for 
> ICMP UNREACHABLE to me.  ICMP UNREACHABLE errors are in specified
> in RFC 793.   Please 'redirect' this credit elsewhere.  It is
> not my original idea. 

OK, OK, OK, it was supposed to be a joke, a funny comment, a witticism.

> All I am asking is for the procotcol
> to work as designed so I can have one more piece of info
> to use in an algorithm.

This is too much to ask for, IMHO.

> Somewhat Patiently (but anxiously awaiting technical answers),

That's like sending an email to president at whitehouse.gov to tell him
that you are hungry and then waiting anxiously for the Domino's delivery
guy to knock at your door.

You would get much better response to your questions if you would send 
a subscribe message to firewalls-request at greatcircle.com and ask there.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael at memra.com






More information about the NANOG mailing list