SYN floods continue
Larry J. Plato
ljp at ans.net
Wed Sep 11 18:43:22 UTC 1996
If you can write a SYN flooder you can trivialy add the call to
to generate a random source address....
IMHO this is not a win.
Larry Plato
>
>
> I don't know, but since nobody else seems to either, how about a
> router box that detects excessive SYN activity and then automatically
> blocks that ip address for awhile? I suppose it just means that
> the attacker has to vary the source address rapidly.
>
> > Anyway. Point is this: We can't take too much more of this, nor can our
> > customers. I have yet to hear *anyone* come up with any ideas even remotely
> > reasonable for how to deal with this situation, long term, except for the
>
More information about the NANOG
mailing list