TCP SYN attacks

> >Dima Volodin writes:
> >> Now can I hold my breath waiting for vendors to incorporate this stuff
> >> into their products?
> At least BSDI, Sun, SGI, and HP are working on TCP SYN hardening.
> (yes, cisco is also on top of things :-).
> I have no data on what might be up at other vendors.

the linux ip folk have released at least one patch (available near that holds off the problem for a
bit. it has a larger infant connection queue and drops some off the end
if its under attack. There has also been some talk of doing much more
'sneaky' stuff. i.e. encoding cookies in rsts instead of sending

Yes. This is the approach I like.
Store the mss info either in toto or in a table of "mss values I have
seen" as some # of bits of the iss and the rest is a one-way hard-to-guess
hash of some sort of the rest of the data (a rotating secret #, src/dest ips
and ports etc...);