New Denial of Service Attack on Panix

I'm not sure it's even possible to analyze the pseudo-random shifting
attack (among other problems, there will be legitimate traffic in the
stream, so knowing what SYNs are bad is a pain) in anything approaching
realtime, so yes, one of the other methods is a much better choice :sunglasses:

-george william herbert

There are other things that one might look at besides trying to analyze and
predict the pseudo-randomness in certain sequences of fields.

But I'm convinced hardening hosts and getting more providers to filter
packets with bogus source IPs is the best way to attack the problem.