SYN floods (was: does history repeat itself?)

• Previous message (by thread): does history repeat itself?
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 9 Sep 1996, Avi Freedman wrote:

==>
==>I will make time to start running the route aggregator at routes.netaxs.com
==>again; we've been fighting a random-src-address-SYN-attacker for the last
==>week or two.  I may have some comments on THAT for NANOG re: inter-provider
==>cooperation shortly.
==>
==>Avi
==>

A friend of mine gave me a photocopy of a page in the latest 2600
magazine.  It was the source code for a SYN flooder on Linux, with a
description of what it does and a notice on how it can really cause
denial-of-service attacks.

I can't remember if it also supplied the source for the source-spoof
kernel patch or not, but it does mention that you should use the
source-spoof patch to hide your identity.

So, what does this say?  Look for more 13-year-olds causing
denial-of-service attacks for the hell of it.  It seems a lot of the
providers SYN flooders like to attack are the ones which have IRC servers,
but the flooders attack the more traditional services of those providers,
too.

/cah

----
Craig A. Huegen  CCIE                             ||        ||
Network Analyst, IS-Network/Telecom               ||        ||
cisco Systems, Inc., 250 West Tasman Drive       ||||      ||||
San Jose, CA  95134, (408) 526-8104          ..:||||||:..:||||||:..
email: chuegen at cisco.com                    c i s c o  S y s t e m s

• Previous message (by thread): does history repeat itself?
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]