SYN floods (was: does history repeat itself?)

>I will make time to start running the route aggregator at
>again; we've been fighting a random-src-address-SYN-attacker for the last
>week or two. I may have some comments on THAT for NANOG re: inter-provider
>cooperation shortly.

A friend of mine gave me a photocopy of a page in the latest 2600
magazine. It was the source code for a SYN flooder on Linux, with a
description of what it does and a notice on how it can really cause
denial-of-service attacks.

And about a paragraph of "Don't do this. This is really really bad.
Please don't compile this.".. :slight_smile:

I can't remember if it also supplied the source for the source-spoof
kernel patch or not, but it does mention that you should use the
source-spoof patch to hide your identity.

It doesn't provide the source or location for the source spoof kernel patch,
but it's easy enough to find.

Methinks this is going to be happening more often (DoS attacks).

Imminent Death Of The Net Predicted :slight_smile: