Re: Stopping SYN floods.

Rob Glover (potato@dsnet.com)
Thu, 17 Oct 1996 19:41:46 -0700 (PDT)


There is already a kernel patch that protects against SYN floods. (I would
like to know where to get it though :)

-Rob

On Thu, 17 Oct 1996, Chris Thornhill wrote:

> Hello,
>
> It seems the cool hackerish thing to do these days is to flood someone's
> port with spoofed SYN packets, disallowing any further connections
> to the port. Okay, fine. It seems to me that there is an easy
> solution to this (in theory). Forgive my lack of proper terminology
> here, but couldn't the tcp/ip stack be written so that if its connection
> table for a particular port fills, the next incoming SYN packet immediately
> causes the oldest connection that is waiting for an ACK from its SYNACK
> to time out?
>
> Just wanted to get a few people's thoughts on the matter. :)
>
> - Chris
>
> P.S. Sorry about that run-on sentence. :)
>
>
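
The eviction policy proposed in the quoted message, as an added example that is not part of the original thread and is not the kernel patch mentioned in the reply: a fixed-size table of half-open connections in which a SYN arriving at a full table times out the oldest entry still waiting for its ACK. The table size, structure and function names, and the addresses in the constructed scenario are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define BACKLOG 4                       /* assumed per-port table size */
struct half_open { uint32_t ip; uint16_t port; uint64_t syn_time; int in_use; };
struct syn_table { struct half_open slot[BACKLOG]; };

static int find(const struct syn_table *t, uint32_t ip, uint16_t port) {
    for (int i = 0; i < BACKLOG; i++)
        if (t->slot[i].in_use && t->slot[i].ip == ip && t->slot[i].port == port)
            return i;
    return -1;
}

/* Incoming SYN: use a free slot; if the table is full, time out the oldest entry. */
int on_syn(struct syn_table *t, uint32_t ip, uint16_t port, uint64_t now) {
    int victim = find(t, ip, port);
    if (victim >= 0) return victim;     /* retransmitted SYN keeps its entry */
    victim = 0;
    for (int i = 0; i < BACKLOG; i++) {
        if (!t->slot[i].in_use) { victim = i; break; }
        if (t->slot[i].syn_time < t->slot[victim].syn_time) victim = i;
    }
    t->slot[victim] = (struct half_open){ ip, port, now, 1 };
    return victim;
}

/* Final ACK of the handshake: 1 if the half-open entry still exists, else 0. */
int on_ack(struct syn_table *t, uint32_t ip, uint16_t port) {
    int i = find(t, ip, port);
    if (i >= 0) t->slot[i].in_use = 0;
    return i >= 0;
}

/* Constructed scenario: spoofed SYNs fill the table, a real client sends its SYN,
   then during_rtt more spoofed SYNs arrive before the client's ACK does. */
int legit_completes(int during_rtt) {
    struct syn_table t = {0};
    uint64_t tick = 0;
    for (int i = 0; i < BACKLOG; i++) on_syn(&t, 0x0A000000u + (uint32_t)i, 1024, tick++);
    on_syn(&t, 0xC0000201u, 40000, tick++);          /* 192.0.2.1, the real client */
    for (int i = 0; i < during_rtt; i++) on_syn(&t, 0x0A000100u + (uint32_t)i, 1024, tick++);
    return on_ack(&t, 0xC0000201u, 40000);
}

int main(void) {
    for (int n = 0; n <= BACKLOG; n++)
        printf("%d SYNs during RTT -> client %s\n", n, legit_completes(n) ? "connects" : "evicted");
    return 0;
}
```

With oldest-first eviction the client's handshake survives only while fewer than BACKLOG new SYNs arrive between its SYN and its ACK, so the table has to be sized against the expected SYN rate multiplied by the client round-trip time.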