[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] SYN flooding
- Subject: Re: [cobalt-developers] SYN flooding
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Wed Mar 27 17:54:02 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
Hi Nico,
> > SYN flood != traffic flood
>
> Wow, Big Bad on my part... Of course you are right, what was I
> thinking? I probably was confusing these two types of flooding.
> Apologies.
I, of course, never make typos or erroneous statements. ;-) And
if you believe that, I have all sorts of magic potions to sell
you...
No problem. It was probably a good exercise to summarize a SYN
flood, anyway. Sort of like CJ was keen to mention backscatter,
which I had forgotten to address.
Quick addendum while we're on it: Non-spoofed SYN floods built
using raw IP sockets mean that the attacker will send a RST in
response to the SYN+ACK, as there is no TCP socket awaiting
SYN+ACK.
The best way to trace these things is having a clueful upstream.
And, please, everyone block spoofed packets at your edge unless
you have a _really_ good reason not to. Especially if you're
running colo... it's the right thing to do.
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist@xxxxxxxxx>, or you are likely to be blocked.