ideas for half-open sync flood fixs

• Previous message (by thread): filtering out reserved AS numbers
• Next message (by thread): ideas for half-open sync flood fixs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ideas for half-open sync flood fixs?

What I understand about this venerability:

If a spoofed packet contains a  host address that does exist on the net then 
the real host sends a reset and the fake half open socket is killed. No 
problem for the host.

If a spoofed packet contains a nonexistent host address then no host is 
present to send a reset.  Big problem for the host.

fix 1.  Doesn't the network respond with ICMP message to the attacked host 
telling it that the nonexistent host is unreachable.  The attacked host could 
close a half open socket if it received a ICMP message with the corresponding 
host address and socket port data.

fix 2.  If a router cannot deliver a sync ack packet it could send a reset for 
that sync ack.

fix 3.  If a host sent a ping to the requesting source address before sending 
the sync ack then it could kill nonresponding hosts quickly. 

Three ideas form a lurker.

Peter Cole 
peter at telescan.com
Telescan Inc.
(713) 588-9155

 
Better computing through lack of sleep
Peter Cole (713)588-9155

• Previous message (by thread): filtering out reserved AS numbers
• Next message (by thread): ideas for half-open sync flood fixs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]