Re: SYN flooding....

Nigel Metheringham (Nigel.Metheringham@ThePLAnet.net)
Tue, 27 May 1997 10:08:20 +0100


Eric.Schenk@dna.lth.se said:
} (2) If you are really under attack, then by the very nature of the
} SYN flood attack it is not possible to know from whom the attack
} is coming. The kernel only knows the spoofed address on the
} SYN packets that are arriving, and those are anything but the
} address of the attacker.

There are malicious attacks (for which the above statement holds), and
apparent attacks caused by problem networks. I have seen a few cases of
attacks which are apparently due to some form of routing problem - i.e.
"they" can route to us, we can't route to them for some reason. Seeing
addresses in this case is very useful to help track things down.

Nigel.

-- 
[ Nigel.Metheringham@theplanet.net   -  Systems Software Engineer ]
[ Tel : +44 113 251 6012                   Fax : +44 113 224 0003 ]
[            Friends don't let friends use sendmail!              ]