On Sun, 19 Jan 2003, Christopher L. Morrow wrote:
You could partly get around this by blocking all 'SYN' packets going to your customers :-)
And we are hoping none are hosting web servers or mail servers or.... right? Oh wait! I'll just make them use my datacenters, right?? Or were you not talking about the attacks?
I was referring specifically to end-user workstations, for example home machines on dial-up or broadband connections. A lot of broadband providers already prohibit running servers and block certain inbound ports (e.g. 21 and 80). *shrug* It just seems like it would make more sense to block all incoming 'SYN' packets. Wouldn't that be faster than inspecting the destination port against two separate rules? I don't know how these operators do their blocking...
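The two filtering approaches compared in the message above (a per-port blocklist versus dropping all inbound connection attempts), as an added example that is not part of the original thread: a Python simulation of the filter logic over constructed inbound TCP segments, not an actual router or firewall configuration. Ports 21 and 80 come from the thread; the other port numbers, the sample segments and the "naive" variant are assumptions for illustration.

```python
"""Simulate two ISP-edge filters for customer (end-user) hosts:
 1. a per-port blocklist (drop inbound TCP to ports 21 and 80), and
 2. a "block all inbound SYN" rule that matches SYN set and ACK clear,
plus the naive variant that matches any SYN bit, to show why the ACK
check matters. All sample segments below are constructed for the demo."""
import struct
from dataclasses import dataclass

# TCP control bits (RFC 793), low byte of the offset/flags word.
TCP_FIN = 0x01
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_PSH = 0x08
TCP_ACK = 0x10


@dataclass(frozen=True)
class TcpSegment:
    src_port: int
    dst_port: int
    flags: int


def build_tcp_header(src_port: int, dst_port: int, flags: int,
                     seq: int = 0, ack: int = 0) -> bytes:
    """Pack a minimal 20-byte TCP header (data offset 5, no options).
    Checksum is left zero; this only feeds the parser below."""
    off_flags = (5 << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       off_flags, 65535, 0, 0)


def parse_tcp_header(data: bytes) -> TcpSegment:
    """Decode ports and control bits from the fixed part of a TCP header."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", data[:14])
    return TcpSegment(src, dst, off_flags & 0x1FF)


def is_new_inbound_connection(seg: TcpSegment) -> bool:
    """First segment of a handshake initiated from outside: SYN set, ACK clear.
    A SYN/ACK is the reply to a connection the customer opened and must pass."""
    return bool(seg.flags & TCP_SYN) and not (seg.flags & TCP_ACK)


def port_blocklist_policy(seg: TcpSegment, blocked=(21, 80)) -> str:
    """Policy 1: the provider's per-port blocks (21 and 80 as in the thread)."""
    return "drop" if seg.dst_port in blocked else "accept"


def syn_block_policy(seg: TcpSegment) -> str:
    """Policy 2: drop every inbound connection attempt regardless of port."""
    return "drop" if is_new_inbound_connection(seg) else "accept"


def naive_syn_block_policy(seg: TcpSegment) -> str:
    """Wrong version of policy 2: matches any SYN bit, so it also drops the
    SYN/ACK replies and breaks every connection the customer opens outbound."""
    return "drop" if seg.flags & TCP_SYN else "accept"


# Constructed inbound segments toward a customer host (not captured traffic).
SAMPLES = {
    "syn_to_80": build_tcp_header(40001, 80, TCP_SYN),            # web probe
    "syn_to_22": build_tcp_header(40002, 22, TCP_SYN),            # ssh probe, not on the port list
    "synack_to_51000": build_tcp_header(443, 51000, TCP_SYN | TCP_ACK),  # reply to customer's outbound HTTPS
    "ack_to_51000": build_tcp_header(443, 51000, TCP_ACK | TCP_PSH),     # data on that connection
}


def evaluate(samples=SAMPLES) -> dict:
    """Return {sample_name: {policy_name: verdict}} for every sample."""
    policies = {
        "port_blocklist": port_blocklist_policy,
        "syn_block": syn_block_policy,
        "naive_syn_block": naive_syn_block_policy,
    }
    out = {}
    for name, raw in samples.items():
        seg = parse_tcp_header(raw)
        out[name] = {p: fn(seg) for p, fn in policies.items()}
    return out


if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:16s} {verdicts}")
```

The point the simulation makes is the check a practitioner would want before deploying a "block all SYN" rule: it has to match SYN set and ACK clear. Matching the SYN bit alone also drops the SYN/ACK that answers the customer's own outbound connections, which breaks all of their client traffic; this is why, for example, iptables' `--syn` match is defined as SYN set with ACK, RST and FIN cleared. The other trade-off is visible in the `syn_to_22` row: the single-rule approach drops inbound connections on every port, not just 21 and 80, so any listener on the customer side (a game server, peer-to-peer client or active-mode FTP data connection) stops working as well.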