Stopping SYN floods.

Chris Thornhill (penguin@dune.dp.org)
Thu, 17 Oct 1996 19:34:22 -0300 (ADT)


Hello,

It seems the cool hackerish thing to do these days is to flood someone's
port with spoofed SYN packets, disallowing any further connections
to the port. Okay, fine. It seems to me that there is an easy
solution to this (in theory). Forgive my lack of proper terminology
here, but couldn't the TCP/IP stack be written so that if its connection
table for a particular port fills, the next incoming SYN packet immediately
causes the oldest connection that is waiting for an ACK from its SYN-ACK
to time out?

Just wanted to get a few people's thoughts on the matter. :)

- Chris

P.S. Sorry about that run-on sentence. :)
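A small simulation of the policy proposed in the post, added here as an illustrative example and not code from the original message or from any real TCP stack: a fixed-size per-port table of half-open connections that, when full, evicts the oldest entry still waiting for its ACK. The class and function names, the table size, and the client and spoofed addresses are all constructed for the example.

```python
from collections import OrderedDict


class HalfOpenTable:
    """Per-port table of half-open connections (SYN received, SYN-ACK sent,
    final ACK still pending). When the table is full, the next SYN evicts
    the oldest pending entry, as the post proposes. Hypothetical model."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.pending = OrderedDict()   # (src_ip, src_port) -> arrival tick, oldest first
        self.established = []
        self.evicted = []

    def on_syn(self, src, now):
        if src in self.pending:        # retransmitted SYN keeps its original slot
            return
        if len(self.pending) >= self.capacity:
            oldest, _ = self.pending.popitem(last=False)   # time out the oldest entry
            self.evicted.append(oldest)
        self.pending[src] = now

    def on_ack(self, src):
        """Final ACK of the handshake; succeeds only if the entry survived."""
        if src in self.pending:
            del self.pending[src]
            self.established.append(src)
            return True
        return False


def legit_handshake_completes(capacity, flood_per_tick, client_rtt_ticks):
    """One legitimate client (constructed address 192.0.2.10) sends a SYN at
    tick 0 and its ACK arrives after client_rtt_ticks; meanwhile flood_per_tick
    spoofed SYNs (constructed 203.0.113.0/24 sources that never ACK) arrive per
    tick. Returns True if the legitimate handshake still completes."""
    table = HalfOpenTable(capacity)
    client = ("192.0.2.10", 40000)
    table.on_syn(client, 0)
    n = 0
    for tick in range(1, client_rtt_ticks + 1):
        for _ in range(flood_per_tick):
            n += 1
            table.on_syn((f"203.0.113.{n % 256}", 1024 + n), tick)
    return table.on_ack(client)


if __name__ == "__main__":
    print(legit_handshake_completes(capacity=8, flood_per_tick=1, client_rtt_ticks=5))
    print(legit_handshake_completes(capacity=8, flood_per_tick=3, client_rtt_ticks=5))
```

Varying the three parameters shows the property the policy depends on: the legitimate entry survives only when fewer than `capacity` spoofed SYNs arrive within one client round-trip time.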