Perry, This is actually quite simple to implement on Dial Access Routers, and obviously this is the best place to add the filtering. Pat R. Calhoun e-mail: pcalhoun@usr.com Project Engineer - Lan Access R&D phone: (847) 933-5181 US Robotics Access Corp. ______________________________ Reply Separator _________________________________ Subject: Re: SYN floods (was: does history repeat itself?) Author: "Perry E. Metzger" <perry@piermont.com> at Internet Date: 9/9/96 1:19 PM Re: SYN floods PANIX, a large public access provider in New York, was badly hit with SYN flood attacks from random source addresses over the last few days. It nearly wrecked them. I think its time for the larger providers to start filtering packets coming from customers so that they only accept packets with the customer's network number on it. Yes, its a load on routers. Yes, its nasty for the mobile IP weenies. Unfortunately, the only known way to stop this. Many TCPs go belly up as soon as they get SYN flooded -- its a defect in the protocol design, and other than Karn style anti-clogging tokens ("cookies") being put into a TCP++ and mass implemented worldwide soon, the only reasonable way to stop this sort of terrorism is provider filtering. Perry