SYN floods (was: does history repeat itself?)

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pat Calhoun writes:
>         However if you are filtering on your outbound router to the net, 
>      there is still the possbility that a malicious user could spoof 
>      addresses as long as they belong to your address space. By moving the 
>      filter out to the edge (when you have the equipment) this eliminates 
>      that problem as well.

I think thats less of a problem -- spoofing addresses inside the
network narrows down your origin enough that you are very likely to be
caught or shut down quickly. It might have an advantage in stopping
ankle-biter attacks against your own equipment by your users, though.

I think that agressively sanity-filtering the net at all junctions is
probably a good idea in general, though. Would that we had the CPU
power...

(Whats needed, I think, is a cheap box that just does filtering.  If
it did it in hardware, it could be very fast (needed for high speed
lines) and possibly even cheap.

Perry

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]