2 May
2002
2 May
'02
2:11 a.m.
On Wed, 1 May 2002, Pete Kruckenberg wrote:
On Thu, 2 May 2002, Richard A Steenbergen wrote:
SYN packet comes in, one of these machines responses with a RST to the "source", which is actually the target of the
You have an interesting situation. I think rate limiting outbound RSTs would be the least offensive thing you could do, off the top of my head.
What about just blocking out-going RSTs altogether from our borders? While this interferes with "proper" TCP functionality, would it actually interfere enough to cause noticeable problems? Would certainly be less of a burden on routers than rate-limiting.
Aren't the initial packets in the 'gibson syn amp attack' syn-ack's?