I don't know, but since nobody else seems to either, how about a router box that detects excessive SYN activity and then automatically blocks that ip address for awhile? I suppose it just means that the attacker has to vary the source address rapidly.
Anyway. Point is this: We can't take too much more of this, nor can our customers. I have yet to hear *anyone* come up with any ideas even remotely reasonable for how to deal with this situation, long term, except for the
If they modulate the phasers we just need to modulate the sheilds. :-O If someone comes up with a good solution we will be glad to impliment it. -- /*Joseph T. Klein * Keep Cool, but Don't Freeze * NAP.NET, LLC * * phone +1 414 747-8747 * - Hellman's Mayonnaise * http://www.nap.net */