Re: New Denial of Service Attack on Panix
This is an excellent idea! Actually, router vendors may simply add a feature which shuts down the interface if the SYN/SYN-ACK balance is too bad -- thus disconnecting the hacker-to-be.
Of course, that balance may be decaying with time, so repeated unsuccessful attempts to connect won't trigger alarms.
--vadim
Ah, that's fun if it's an XP interface we're talking about :) Presumably you wouldn't enable that option on one, though... Avi
Forrest W. Christian <forrestc@iMach.com> wrote:
Maybe I'm missing something here, but wouldn't these Denial of Service attacks cause a severe mismatch in the numbers of SYNs and SYN-ACKs on a given router interface?
If so, then couldn't we just sweet-talk cisco into providing 5 minute counts of syns and syn-acks on an interface?
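The counter the thread asks cisco for, sketched as an added example rather than anything from the messages above or from any router vendor: a per-interface monitor that keeps exponentially decaying counts of SYNs and SYN-ACKs (the 5-minute horizon becomes a half-life), so one host endlessly retrying a dead server settles at a bounded level and never alarms, while a spoofed SYN burst drives the ratio up almost undecayed. The thresholds, the traffic generators and the victim's listen-queue size (128) are constructed assumptions; SYN-ACK retransmissions by the victim are not modelled, and the monitor only raises an alarm, since shutting the interface down on a spoofed flood would complete the attacker's job for them.

```python
"""Decaying SYN vs SYN-ACK balance monitor for one router interface.

Added illustration, not code from the thread. Segment records, the traffic
generators and the thresholds below are constructed for the example.
"""
from dataclasses import dataclass

SYN = 0x02
ACK = 0x10


@dataclass(frozen=True)
class Segment:
    ts: float      # seconds
    flags: int     # TCP flag bits of the segment seen on the interface


class SynBalanceMonitor:
    """Keeps exponentially decaying counts of SYNs and SYN-ACKs.

    Every observation first ages both counters by 0.5 ** (elapsed / half_life),
    so a steady trickle of unanswered SYNs settles at a bounded level instead of
    accumulating forever, while a burst shows up almost undecayed.
    """

    def __init__(self, half_life=300.0, min_syns=100.0, ratio_limit=10.0):
        self.half_life = half_life      # the "5 minute" horizon from the thread
        self.min_syns = min_syns        # ignore samples too small to judge
        self.ratio_limit = ratio_limit  # SYNs per SYN-ACK that counts as "too bad"
        self.syns = 0.0
        self.synacks = 0.0
        self.last_ts = None

    def _age(self, ts):
        if self.last_ts is not None and ts > self.last_ts:
            factor = 0.5 ** ((ts - self.last_ts) / self.half_life)
            self.syns *= factor
            self.synacks *= factor
        self.last_ts = ts

    def observe(self, seg):
        self._age(seg.ts)
        if seg.flags & SYN:
            if seg.flags & ACK:
                self.synacks += 1.0
            else:
                self.syns += 1.0

    def imbalance(self):
        # +1 keeps the ratio finite before any SYN-ACK has been seen
        return self.syns / (self.synacks + 1.0)

    def alarming(self):
        return self.syns >= self.min_syns and self.imbalance() > self.ratio_limit


def run(segments, **kw):
    """Feed segments in time order; return (ever alarmed, final imbalance)."""
    mon = SynBalanceMonitor(**kw)
    tripped = False
    for seg in sorted(segments, key=lambda s: s.ts):
        mon.observe(seg)
        tripped = tripped or mon.alarming()
    return tripped, mon.imbalance()


# --- constructed traffic (assumed shapes, not captured data) -----------------

def retrying_client(minutes=60):
    """One host retrying a dead server every minute: a SYN plus BSD-style
    retransmits at +3, +9, +21, +45 s, never answered."""
    return [Segment(60 * m + off, SYN)
            for m in range(minutes) for off in (0, 3, 9, 21, 45)]


def normal_traffic(seconds=600):
    """One completed handshake per second: each SYN answered by a SYN-ACK."""
    out = []
    for t in range(seconds):
        out.append(Segment(t, SYN))
        out.append(Segment(t + 0.01, SYN | ACK))
    return out


def syn_flood(start=600.0, count=20000, backlog=128):
    """Spoofed SYNs within one second; only the first `backlog` get a SYN-ACK
    before the victim's listen queue fills and later SYNs are dropped."""
    out = []
    for i in range(count):
        t = start + i / count
        out.append(Segment(t, SYN))
        if i < backlog:
            out.append(Segment(t + 0.001, SYN | ACK))
    return out


if __name__ == "__main__":
    print("retrying client:", run(retrying_client()))
    print("normal traffic: ", run(normal_traffic()))
    print("normal + flood: ", run(normal_traffic() + syn_flood()))
```

With a 300 s half-life the retrying client can never push the decayed SYN count above 5 / (1 - 0.5 ** 0.2), about 39, which is why min_syns is set above that; a burst of 20000 unanswered SYNs, by contrast, sits at a ratio of roughly 45 SYNs per SYN-ACK a moment later. A real deployment would also have to decide which direction (inbound SYN vs outbound SYN-ACK) each interface should pair, and how to treat the victim's own SYN-ACK retransmissions, which this sketch leaves out.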
Participants (2): Avi Freedman, Vadim Antonov