MN> Date: Mon, 22 Jul 2002 22:05:29 -0400 MN> From: Matthew Nuzum
MN> I checked with my upstream provider and found that they MN> handle this type of problem in their routers and switches. MN> They use Cisco and Foundry equipment which (from what I've MN> heard) is some of the best. Both of those have their share of bugs; I'd not say "the best", but I think "some of the best" is reasonable. However, there are some nasty bugs that cause nasty problems in the real world. Beware of vendor hype. (Yes, we run a fair amount of Cisco gear.) The correct way probably is using TCP intercept. The one who controls the router does this. Blocking is ineffective and obviously can have side-effects. Ernesto, ask your provider to try TCP intercept. It will block bogus SYN requests without dropping valid ones. Their router should be able to handle it. MN> However even if your ISP uses lower end hardware, they should MN> be able to block this kind of stuff. I'm sure they'd rather MN> be doing other things than rebooting blue boxes all the time. MN> MN> I'd really try to get those guys to help you out on this. Agreed. A competent provider knows what to do. A half-competent provider knows for what to search on Google. An incompetent provider does not deserve one's business. ;-) Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
