BSDI announcement about defense against syn-flooding attacks
They've made a big announcement about it, but the code doesn't yet appear to be on their ftp site. The announcement does not describe what approach they took to solving the problem (presumably something more then their existing patch for the larg PCB hash table). See http://www.bsdi.com/press/19961002.html for the full announcement. It scares me to think how much effort has gone into defense against this one denial of service attack when there are endless possibilities for other ones. ______________________________________________________________________________ Colorado Springs, CO (October 2, 1996) -- Berkeley Software Design, Inc. (BSDI) anounced today its enhancements to its BSD/OS and BSDI Internet Server that are designed to protect against the recent wave of "SYN-flooding" denial-of-service attacks. Beginning this week, BSDI will make the source code for these enhancements available at no charge via the Internet to BSDI customers as well as all interested operating system suppliers, system administrators, and software developers.
Rob Liebschutz writes:
It scares me to think how much effort has gone into defense against this one denial of service attack when there are endless possibilities for other ones.
Not that many, actually. Most of the remaining ones are variations on a theme. I'm not saying that things are great, but this isn't going to destroy the internet. Perry
Rob Liebschutz writes:
It scares me to think how much effort has gone into defense against this one denial of service attack when there are endless possibilities for other ones.
Really? I don't think enough effort has been expended... which is why I'm expending more. Th point is not that we have to defeat the SYN attacks. We all know by now that the severity of that problem is, at least for modern OSes, reduced to a tolerable level (or will be soon). But these SYN attacks are just the precursor to other even more dangerous attacks that all share one characteristic: forged source addresses. If we can use this event to raise consciousness about the forged-source issue, everyone wins big. And if we don't... well, film at 11, as we say. /a
participants (3)
-
Alexis Rosen
-
Perry E. Metzger
-
Rob Liebschutz