RE: TCP SYN attacks
---------- From: Tim Bass[SMTP:bass@linux.silkroad.com] Sent: Friday, October 04, 1996 7:58 AM To: freedman@netaxs.com Cc: nanog@merit.edu; iepg@iepg.org Subject: Re: TCP SYN attacks
My preferred approach is to not even have to store state on any of the embryonic connections. And to implement the fix on all of my hosts. And customers can implement it in a firewall, if they choose (and have boxes which can't be fixed: Win95, NT, Macs, ...).
Avi
Avi, Did you mean to state that these boxes can't be fixed (hardened against SYN attacks) by you? Ted L. My statements are my own and not of the Microsoft Corp.
From: Tim Bass[SMTP:bass@linux.silkroad.com] Sent: Friday, October 04, 1996 7:58 AM To: freedman@netaxs.com Cc: nanog@merit.edu; iepg@iepg.org Subject: Re: TCP SYN attacks
My preferred approach is to not even have to store state on any of the embryonic connections. And to implement the fix on all of my hosts. And customers can implement it in a firewall, if they choose (and have boxes which can't be fixed: Win95, NT, Macs, ...).
Avi
Avi,
Did you mean to state that these boxes can't be fixed (hardened against SYN attacks) by you?
Ted L.
My statements are my own and not of the Microsoft Corp.
If I had Win95 or NT source I suppose I could harden them w/out a SYN-handling proxy... Ditto for MacOS (if that's what it's called). Avi
participants (2)
-
Avi Freedman
-
Ted Linnenkamp