On Mon, 9 Sep 1996, Avi Freedman wrote:

==>
==>I will make time to start running the route aggregator at routes.netaxs.com
==>again; we've been fighting a random-src-address-SYN-attacker for the last
==>week or two. I may have some comments on THAT for NANOG re: inter-provider
==>cooperation shortly.
==>
==>Avi
==>

A friend of mine gave me a photocopy of a page in the latest 2600
magazine. It was the source code for a SYN flooder on Linux, with a
description of what it does and a notice on how it can really cause
denial-of-service attacks.

I can't remember if it also supplied the source for the source-spoof
kernel patch or not, but it does mention that you should use the
source-spoof patch to hide your identity.

So, what does this say? Look for more 13-year-olds causing
denial-of-service attacks for the hell of it.

It seems a lot of the providers SYN flooders like to attack are the ones
which have IRC servers, but the flooders attack the more traditional
services of those providers, too.

/cah

----
Craig A. Huegen CCIE                              ||        ||
Network Analyst, IS-Network/Telecom               ||        ||
cisco Systems, Inc., 250 West Tasman Drive       ||||      ||||
San Jose, CA 95134, (408) 526-8104           ..:||||||:..:||||||:..
email: chuegen@cisco.com                     c i s c o S y s t e m s