16 Sep 1996, 10:02 p.m.
I'm not sure it's even possible to analyze the pseudo-random shifting attack (among other problems, there will be legitimate traffic in the stream, so knowing what SYNs are bad is a pain) in anything approaching realtime, so yes, one of the other methods is a much better choice 8-)
-george william herbert gherbert@crl.com
There are other things that one might look at besides trying to analyze and predict the pseudo-randomness in certain sequences of fields. But I'm convinced hardening hosts and getting more providers to filter packets with bogus source IPs is the best way to attack the problem.
Avi