Re: SYN flooding....

Eric.Schenk@dna.lth.se
Mon, 26 May 1997 14:16:39 +0200


Rogier Wolff <R.E.Wolff@BitWizard.nl> writes:
>My personal opinion is that logging useless information is less
>harmful than throwing information away. If the stupid fools didn't
>forge their source address, or are behind a router that correctly only
>allows "internal IP addresses" to go out, you would at least have
>the ISP that they operate from....

On the other hand, if we report the address and the attacker was
clever enough to pick an internal unroutable address on someone else's
router, then it only serves to make trouble for an innocent party.
Attacker: 2, Victims: 0. Perhaps a sufficiently strongly worded kernel
message would fix this problem, but I'm still wary of logging more
information than the port number.

-- 
Eric Schenk                               www: http://www.dna.lth.se/~erics
Dept. of Comp. Sci., Lund University          email: Eric.Schenk@dna.lth.se
Box 118, S-221 00 LUND, Sweden   fax: +46-46 13 10 21  ph: +46-46 222 96 38