On Tue, 17 Sep 1996, Robert E. Seastrom wrote:
In any event, once again I exhort everyone to not waste their time filtering the dialups. Filter your customers, filter your own networks; if you incidentally get most of your dialup servers covered by that umbrella, fine. If not, don't lose too much sleep over it -- if you don't believe me, just config up a linux box with the code of your choice, and try to SYNflood someone over a dialup.
Not worth the trouble. The far ends of the earth where not even the network admins speak English are on the ends of wet strings; it isn't worth the aggreivation to telnet through them, and launching a source-routed synflood through them would be self-defeating.
If it only takes 8 SYN packets to lock up a socket for 75 seconds then effective SYN flood attacks certainly *CAN* be launched from a dialup connection. And if the definition of an effective attack allows for intermittently shutting down a socket then effective attacks certainly *CAN be launched from places like Uruguay, Brazil, Indonesia and so forth. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com