Date: Tue, 18 Jan 2000 22:56:56 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Brett Glass <brett@lariat.org> Cc: Wes Peters <wes@softweyr.com>, patl@phoenix.volant.org, David Wolfskill <dhw@whistle.com>, matt@ARPA.MAIL.NET, freebsd-security@FreeBSD.ORG Subject: Re: TCP/IP Message-ID: <200001190656.WAA33816@apollo.backplane.com> References: <ML-3.4.948228615.4905.patl@asimov.phoenix.volant.org> <388557FB.443E66B0@softweyr.com> <4.2.2.20000118234610.01dd9b60@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
:True. But one can minimize the damage. The best way to do this seems to be
:via a pseudorandom sequence number on the SYN-ACK, which eliminates the need
:for the server to retain any state after the SYN.
:
:--Brett
Assuming you have bandwidth left to play with. Unfortunately the problem
tends to be that such attacks saturate your internet link, making it
unusable.
Generally speaking SYN attacks are related to IRC weenies. The best way
to avoid them is usually to (a) not run an irc server and (b) not allow
your users to run irc bots.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001190656.WAA33816>