|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: router syn/syn-ack/ack alarming...
i think that they're talking about shutting down the source, not the destination. if you deploy it on your own incoming interface, well, gun - foot - bang :-) Jeff Young young@mci.net > From: Regis Donovan <regisdo@microsoft.com> > To: "'nanog@merit.edu'" <nanog@merit.edu> > Subject: router syn/syn-ack/ack alarming... > Date: Tue, 17 Sep 1996 13:23:35 -0700 > X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.24 > Encoding: 13 TEXT > Sender: owner-nanog@merit.edu > Content-Type: text > Content-Length: 522 > > um... maybe i'm missing the clue here, but if the router vendors add > something that shuts down an interface if the SYN/SYN-ACK/ACK ratio > becomes too bad make it *easier* for me if i'm doing a denial of service > attack on a host? > > instead of denying service to a given host, all i have to do is drive > the router into alarm mode so it shuts off the interface and then i get > to deny service to an entire segment and everything downstream from that > segment... > > here's to better bang for your cracker-kiddie buck... > --regis > > - - - - - - - - - - - - - - - - -
|