New Denial of Service Attack on Panix

Tim writes:

There are at least three things you can do to protect yourself from such
attacks. One is to patch your UNIX/BSD kernel to allow much higher numbers
of incomplete socket connections. One is to have another machine or your
network issue RST's for sockets that it thinks are part of the SYN flood
attack. And one is to install a SYN proxy machine between your net and the
Internet which catches all SYN packets and holds them until an ACK is
received at which point the SYN and the ACK are passed on to your network.
Such a proxy can be built to handle HUGE numbers of incomplete conections.

Great suggestion Mike! Much quicker to do than a stochastic analysis
of the pseudo-random nature of the attack (unless your the US goverment :slight_smile:
and much cheaper to implement (unless your the US goverment :slight_smile:
Certainly the UNIX proxy hack is easier than resorting to code-breaking,
stochastic methods.
Hats off to you,

I'm not sure it's even possible to analyze the pseudo-random shifting
attack (among other problems, there will be legitimate traffic in the
stream, so knowing what SYNs are bad is a pain) in anything approaching
realtime, so yes, one of the other methods is a much better choice :sunglasses:

-george william herbert