router syn/syn-ack/ack alarming...

• Previous message (by thread): router syn/syn-ack/ack alarming...
• Next message (by thread): router syn/syn-ack/ack alarming...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

i think that they're talking about shutting down the source,
not the destination.  if you deploy it on your own incoming
interface, well, gun - foot - bang :-)

Jeff Young
young at mci.net

> From: Regis Donovan <regisdo at microsoft.com>
> To: "'nanog at merit.edu'" <nanog at merit.edu>
> Subject: router syn/syn-ack/ack alarming...
> Date: Tue, 17 Sep 1996 13:23:35 -0700
> X-Mailer:  Microsoft Exchange Server Internet Mail Connector Version 4.0.994.24
> Encoding: 13 TEXT
> Sender: owner-nanog at merit.edu
> Content-Type: text
> Content-Length: 522
> 
> um... maybe i'm missing the clue here, but if the router vendors add
> something that shuts down an interface if the SYN/SYN-ACK/ACK ratio
> becomes too bad make it *easier* for me if i'm doing a denial of service
> attack on a host?  
> 
> instead of denying service to a given host, all i have to do is drive
> the router into alarm mode so it shuts off the interface and then i get
> to deny service to an entire segment and everything downstream from that
> segment...
> 
> here's to better bang for your cracker-kiddie buck...
> --regis
> >

• Previous message (by thread): router syn/syn-ack/ack alarming...
• Next message (by thread): router syn/syn-ack/ack alarming...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]