We too have recently gotten hit with these wonderful SYN attacks. Until router logging (or whatever means we develop to trace these packets) is developed, I think there are only 2 resolutions:

1) Filter incoming IPs, at least on dial-ups and on non-border (or non-core) routers, for IP spoofing. (Do not allow IPs that should not originate over this port(s) to be passed.) This will allow ISPs to stop their users from originating these floods.

2) Fix the OSes to not be as susceptible to SYN floods. This will eventually make the hackers bored and the problem will slowly disappear. (Well, maybe.)

--Dan Ellis MIS

On Wed, 18 Sep 1996, Kent W. England wrote:
It seems to me after reading Curtis' summary that servers can be modified to make the SYN flooding attacks much more difficult to accomplish. Perhaps enough so that source address filtering doesn't have the urgency of implementation and coordination that I thought before reading Curtis' note.
--Kent
--Daniel Ellis
Director of Engineering / Chief Engineer, MicroServe Information Systems Inc.
"The only way to predict the future is to invent it." --Alan Kay
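The per-port source filtering proposed in point 1 of the message above, sketched as an added example that is not part of the original message: each customer-facing port accepts only the source addresses assigned to it, and core-facing ports are left unfiltered. The port names, prefixes and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed edge-port table (assumption): source prefixes that may
# legitimately originate traffic on each customer-facing port.
PORT_PREFIXES = {
    "dialup-7": ["192.0.2.57/32"],                        # address given to the caller
    "cust-eth0": ["198.51.100.0/24", "203.0.113.64/26"],  # routed customer blocks
}
# Core-facing ports carry transit traffic from anywhere, so no source filter there.
UNFILTERED_PORTS = {"core-0"}

_TABLE = {port: [ipaddress.ip_network(n) for n in nets]
          for port, nets in PORT_PREFIXES.items()}

def ingress_verdict(port, src):
    """Return 'pass' or 'drop' for a packet arriving on `port` claiming source `src`."""
    if port in UNFILTERED_PORTS:
        return "pass"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"                 # unparseable source address
    allowed = _TABLE.get(port)
    if allowed is None:
        return "drop"                 # unknown edge port: fail closed
    return "pass" if any(addr in net for net in allowed) else "drop"

def dropped_per_port(packets):
    """Count dropped packets per port, the figure an operator would log and alert on."""
    return Counter(port for port, src in packets
                   if ingress_verdict(port, src) == "drop")

# Constructed sample: (arrival port, claimed source address)
SAMPLE = [
    ("dialup-7", "192.0.2.57"),      # the caller's own address
    ("dialup-7", "10.1.2.3"),        # spoofed source on a dial-up port
    ("dialup-7", "203.0.113.70"),    # another customer's address, still spoofed here
    ("cust-eth0", "203.0.113.70"),   # same address on the port that owns it
    ("cust-eth0", "203.0.113.130"),  # just outside the customer's /26
    ("core-0", "10.1.2.3"),          # core port, not filtered
]

if __name__ == "__main__":
    for port, src in SAMPLE:
        print(f"{port:10} {src:15} {ingress_verdict(port, src)}")
    print(dict(dropped_per_port(SAMPLE)))
```

The same address passes on the port it is assigned to and is dropped on any other edge port, which is why the filter has to sit at the edge rather than in the core.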