SYN floods (was: does history repeat itself?)

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > So, what does this say?  Look for more 13-year-olds causing
> > denial-of-service attacks for the hell of it.  It seems a lot of the
> > providers SYN flooders like to attack are the ones which have IRC servers,
> > but the flooders attack the more traditional services of those providers,
> > too.
> 
> My outbound filter blocks packets not from an address in my space.  Am
> I wrong in thinking this is the right thing for non-transit networks
> to do?
> 
> Dick St.Peters,       Gatekeeper, Pearly Gateway, Ballston Spa, NY

This is *exactly* the right thing to do; every provider which does
not provide complicated transit (which excludes even certain regionals,
alas) should do this at their borders if they don't do it at each customer
connect.

And everyone should at least filter on each customer 56k/t1/etc...
I know router cycles are tight but it might *really* become
imperative...

Avi

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]