SYN floods (was: does history repeat itself?)
Craig A. Huegen
c-huegen at quad.quadrunner.com
Mon Sep 9 16:13:32 UTC 1996
On Mon, 9 Sep 1996, Avi Freedman wrote:
==>
==>I will make time to start running the route aggregator at routes.netaxs.com
==>again; we've been fighting a random-src-address-SYN-attacker for the last
==>week or two. I may have some comments on THAT for NANOG re: inter-provider
==>cooperation shortly.
==>
==>Avi
==>
A friend of mine gave me a photocopy of a page in the latest 2600
magazine. It was the source code for a SYN flooder on Linux, with a
description of what it does and a notice on how it can really cause
denial-of-service attacks.
I can't remember if it also supplied the source for the source-spoof
kernel patch or not, but it does mention that you should use the
source-spoof patch to hide your identity.
So, what does this say? Look for more 13-year-olds causing
denial-of-service attacks for the hell of it. It seems a lot of the
providers SYN flooders like to attack are the ones which have IRC servers,
but the flooders attack the more traditional services of those providers,
too.
/cah
----
Craig A. Huegen CCIE || ||
Network Analyst, IS-Network/Telecom || ||
cisco Systems, Inc., 250 West Tasman Drive |||| ||||
San Jose, CA 95134, (408) 526-8104 ..:||||||:..:||||||:..
email: chuegen at cisco.com c i s c o S y s t e m s
More information about the NANOG
mailing list