Date: Tue, 18 Jan 2000 23:49:02 -0700
From: Brett Glass <brett@lariat.org>
To: Matthew Dillon <dillon@apollo.backplane.com>, Wes Peters <wes@softweyr.com>
Cc: patl@phoenix.volant.org, David Wolfskill <dhw@whistle.com>, matt@ARPA.MAIL.NET, freebsd-security@FreeBSD.ORG
Subject: Re: TCP/IP
Message-ID: <4.2.2.20000118234610.01dd9b60@localhost>
In-Reply-To: <200001190630.WAA33466@apollo.backplane.com>
References: <ML-3.4.948228615.4905.patl@asimov.phoenix.volant.org> <388557FB.443E66B0@softweyr.com>

At 11:30 PM 1/18/2000, Matthew Dillon wrote:

> Blocking SYN floods with spoofed source IP addresses is virtually
> impossible. Not only can one not tell the difference between a spoofed
> packet and a real SYN, it is also virtually impossible to determine
> whether the actual source of the packets is if the source is not coming
> from another customer in the same ISP.

True. But one can minimize the damage. The best way to do this seems to be via a pseudorandom sequence number on the SYN-ACK, which eliminates the need for the server to retain any state after the SYN.

--Brett
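
The stateless SYN-ACK idea from the message above, as an added example that is not part of the original e-mail and is not FreeBSD's code. It assumes a simplified 32-bit layout (5-bit time counter, 3-bit MSS index, 24-bit MAC) and HMAC-SHA256 as the keyed function; the secret, MSS table and timing constants are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # constructed; a real server uses a random secret
MSS_TABLE = [216, 536, 768, 996, 1220, 1340, 1440, 1460]  # constructed 3-bit table
PERIOD = 64   # seconds per time-counter tick (assumption)
MAX_AGE = 1   # accept cookies from the current and the previous tick

def _mac(src, sport, dst, dport, client_isn, t):
    """24-bit keyed MAC over the connection 4-tuple, client ISN and counter."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHII", sport, dport, client_isn, t)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Sequence number for the SYN-ACK; nothing is stored per connection."""
    t = now // PERIOD
    # Largest table entry not exceeding the MSS the client offered.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac(src, sport, dst, dport, client_isn, t), "big")
    return ((t & 0x1F) << 27) | (idx << 24) | mac

def check_cookie(src, sport, dst, dport, seq, ack, now):
    """Validate the final ACK. Returns the negotiated MSS, or None."""
    cookie = (ack - 1) & 0xFFFFFFFF       # server ISN echoed back by the client
    client_isn = (seq - 1) & 0xFFFFFFFF   # client ISN from the original SYN
    for age in range(MAX_AGE + 1):
        t = now // PERIOD - age
        if (t & 0x1F) != cookie >> 27:
            continue                      # counter bits do not match this tick
        expected = _mac(src, sport, dst, dport, client_isn, t)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None                           # forged, replayed too late, or wrong tuple
```

A spoofed SYN costs the server one MAC computation and one SYN-ACK; connection state is allocated only after an ACK carrying a valid cookie arrives, which a sender at a forged address never sees.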