Ben wrote:
>SYN cookies (the protective fix) since '99? Some
>other date?
>
> Ben
I was under the impression that SYN cookies were considered a bad idea for production use, though I always thought they were a creative solution. I believe Linux (maybe some *BSDs) was the only OS to actually implement the feature.

Anyhoo, in Solaris and other systems SYN floods are generally mitigated at the kernel level by dorking with the various connection queue settings. I believe this holds true for Windows as well.

For a true DDOS, though, I think you have to look for solutions at the network layer. Cisco, Foundry, Check Point, and others have had SYN flood controls for quite a long time. They essentially work, for the most part, as SYN proxies, i.e. they will handle the original SYN and SYN ACK and will pass the connection on once the 3-way is complete.

On the other hand, if it's a true bandwidth-based attack where your pipe is filling up, you are unfortunately hosed unless you can get help from your upstream provider(s). Running bandwidth throttling through CAR or some other means at your border router will not buy you anything, since the route all the way to your front door (network edge) is full.

Happy to be back in OR,
Jason

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
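The SYN-proxy behaviour described in the message above, as a toy model added here (it is not part of the original post and not any vendor's implementation): a server with a bounded half-open queue is flooded directly and then from behind a proxy that forwards only completed handshakes. Class names, queue sizes and addresses are constructed, and the proxy's own table is assumed to be large enough for the flood.

```python
# Toy model (added example); names, sizes and addresses are constructed.
# Half-open timeouts and SYN-ACK retransmits are not modelled.

class Server:
    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = set()      # peers sent a SYN-ACK, awaiting final ACK
        self.established = set()

    def on_syn(self, peer):
        if len(self.half_open) >= self.backlog:
            return False            # queue full: the SYN is dropped
        self.half_open.add(peer)
        return True

    def on_ack(self, peer):
        if peer not in self.half_open:
            return False
        self.half_open.remove(peer)
        self.established.add(peer)
        return True

class SynProxy:
    """Answers SYNs itself; the server sees only completed handshakes."""
    def __init__(self, server):
        self.server = server
        self.pending = set()        # assumption: proxy table sized for the flood

    def on_syn(self, peer):
        self.pending.add(peer)      # proxy sends the SYN-ACK, not the server
        return True

    def on_ack(self, peer):
        if peer not in self.pending:
            return False
        self.pending.remove(peer)   # 3-way complete: replay it to the server
        return self.server.on_syn(peer) and self.server.on_ack(peer)

def simulate(front, flood=1000):
    """Send `flood` spoofed SYNs that never ACK, then one real client."""
    for i in range(flood):
        front.on_syn(("198.51.100.%d" % (i % 250 + 1), 1024 + i))
    client = ("192.0.2.10", 40000)
    return front.on_syn(client) and front.on_ack(client)

def run():
    direct, shielded = Server(backlog=128), Server(backlog=128)
    return (simulate(direct), simulate(SynProxy(shielded)),
            len(direct.half_open), len(shielded.half_open))
```

`run()` returns `(False, True, 128, 0)`: the unprotected server's queue is full and the real client is refused, while the proxied server holds no half-open state and accepts it.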
