Hi Nico,
> > SYN flood != traffic flood > > Wow, Big Bad on my part... Of course you are right, what was I > thinking? I probably was confusing these two types of flooding. > Apologies. I, of course, never make typos or erroneous statements. ;-) And if you believe that, I have all sorts of magic potions to sell you... No problem. It was probably a good exercise to summarize a SYN flood, anyway. Sort of like CJ was keen to mention backscatter, which I had forgotten to address. Quick addendum while we're on it: Non-spoofed SYN floods built using raw IP sockets mean that the attacker will send a RST in response to the SYN+ACK, as there is no TCP socket awaiting SYN+ACK. The best way to trace these things is having a clueful upstream. And, please, everyone block spoofed packets at your edge unless you have a _really_ good reason not to. Especially if you're running colo... it's the right thing to do. Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence -- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked. _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
