Syn flooding attacks

Vern Paxson vern at ee.lbl.gov
Mon Oct 20 18:08:27 UTC 1997


> The router could discard the SYN, remembering it, and let pass the retry SYN
> that usually occurs with valid connections and does not with invalid ones.

This is no good - all the crackers have to do is modify their programs
to send two bogus SYNs, spaced apart, instead of just one.

		Vern



More information about the NANOG mailing list