New Denial of Service Attack on Panix:

Avi Freedman freedman at netaxs.com
Tue Sep 17 20:31:11 UTC 1996


> This is an excellent idea!  Actually, router vendors may simply
> add a feature which shuts down the interface if SYN/SYN-ACK balance
> is too bad -- thus disconnecting the hacker-to-be.
> 
> Of course, that balance may be decaying with time, so repeated
> unsuccessful attempts to connect won't trigger alarms.
> 
> --vadim

Ah, that's fun if it's an XP interface we're talking about :)
Presumably you wouldn't enable that option on one, though...

Avi

> Forrest W. Christian <forrestc at iMach.com> wrote:
> 
> Maybe I'm missing something here, but wouldn't these Denial of Service 
> attacks cause a severe mismatch in the numbers of SYNs and SYN-ACKs on a 
> given router interface?
> 
> If so, then couldn't we just sweet-talk cisco into providing 5 minute 
> counts of syns and syn-acks on an interface?
> 
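
The SYN/SYN-ACK balance check discussed in this thread, sketched as an added example (not part of the original messages and not any router vendor's feature): per-interface counters that decay over time, so a trickle of failed connection attempts fades while a sustained run of unanswered SYNs stands out. The half-life, thresholds, event format and interface names are assumptions.

```python
import math
from collections import defaultdict

HALF_LIFE_S = 300.0  # assumption: the thread's 5-minute window, used as a decay half-life
MIN_SYNS = 50.0      # assumption: ignore interfaces with little decayed SYN volume
MAX_RATIO = 3.0      # assumption: tolerated decayed SYNs per decayed SYN-ACK


class SynBalance:
    """Per-interface, exponentially decayed SYN and SYN-ACK counters."""
    def __init__(self, half_life=HALF_LIFE_S):
        self.k = math.log(2) / half_life
        self.state = defaultdict(lambda: {"syn": 0.0, "synack": 0.0, "ts": None})

    def observe(self, ts, iface, kind):
        """kind: 'syn_in' (SYN received on iface) or 'synack_out' (SYN-ACK sent back out of it)."""
        s = self.state[iface]
        if s["ts"] is not None:
            # Age both counters by the time elapsed since the last event.
            decay = math.exp(-self.k * max(0.0, ts - s["ts"]))
            s["syn"] *= decay
            s["synack"] *= decay
        s["ts"] = ts if s["ts"] is None else max(ts, s["ts"])
        if kind == "syn_in":
            s["syn"] += 1.0
        elif kind == "synack_out":
            s["synack"] += 1.0

    def imbalanced(self, iface):
        s = self.state[iface]
        return s["syn"] >= MIN_SYNS and s["syn"] > MAX_RATIO * max(s["synack"], 1.0)


def flagged_interfaces(events):
    """Feed (ts, iface, kind) tuples; return interfaces imbalanced at the end."""
    bal = SynBalance()
    for ts, iface, kind in sorted(events):
        bal.observe(ts, iface, kind)
    return sorted(i for i in bal.state if bal.imbalanced(i))


# Constructed sample traffic (not captured data), timestamps in seconds.
SAMPLE = (
    # busy but healthy interface: every SYN is answered
    [(3580 + i * 0.1, "Serial0", k) for i in range(200) for k in ("syn_in", "synack_out")]
    # unanswered SYNs at 10 per second for 20 seconds
    + [(3580 + i * 0.1, "Serial1", "syn_in") for i in range(200)]
    # one failed connection attempt every 12 seconds for an hour
    + [(i * 12.0, "Serial2", "syn_in") for i in range(300)]
)
```

With these assumed thresholds only `Serial1` is reported: the hour of slow failed attempts on `Serial2` settles at a decayed count of about 37, below the volume floor.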





