|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: BSDI announcement about defense against syn-flooding attacks
On Thu, 3 Oct 96 16:35:13 PDT Rob Liebschutz wrote: > They've made a big announcement about it, but the code doesn't yet > appear to be on their ftp site. The announcement does not describe > what approach they took to solving the problem (presumably something > more then their existing patch for the larg PCB hash table). See > http://www.bsdi.com/press/19961002.html for the full announcement. > > It scares me to think how much effort has gone into defense against > this one denial of service attack when there are endless possibilities > for other ones. Actually, they released a number of patches all at once, including (quoting the notice just sent out by polk@bsdi.com): The remainder of the patches (K210-021, K210-022, and U210-025) add support for IP source checking, and for reducing and/or eliminating problems associated with SYN attacks, IP fragment attacks, and some other denial of service/looped server attacks. Unfortunately, these are available only for BSD/OS 2.1 -- nothing for prior releases. William Sommers San Francisco Online Televolve, Inc. sommers@sfo.com - - - - - - - - - - - - - - - - -
|