Re: No more DoS

2000-12-22 Thread kuznet
Hello!

> http://grc.com/r&d/nomoredos.htm
>
> With my limited understanding of TCP and DoS attacks this would seem to be the
> answer, instead of a work around.

A more elaborated version of this "answer" has been used in linux for ages under the name of syncookies. The approach, proposed here, is a bit diffe

Re: No more DoS

2000-12-21 Thread David S. Miller
From: Michael Peddemors <[EMAIL PROTECTED]>
Date: Thu, 21 Dec 2000 20:20:06 -0800

> I think not holding onto any state for an incoming SYN is nothing but
> a dream in any serious modern TCP implementation. It can be reduced,
> but not eliminated. The former is what most modern st

Re: No more DoS

2000-12-21 Thread Michael H. Warfield
On Fri, Dec 22, 2000 at 01:24:44PM +1100, Mike OConnor wrote:
> Hi
> I would like to point whoever is in charge of the TCP stack for the linux
> kernel at a site which claims to have a method of eliminating denial of service
> (DoS) attacks
> http://grc.com/r&d/nomoredos.htm
> With my limited

Re: No more DoS

2000-12-21 Thread Michael Peddemors
> Furthermore, it also cannot work because it makes retransmissions
> of the SYN/ACK very non-workable. I suppose his TCP stack just hacks
> around this by just waiting for the original client SYN to get
> retransmitted or something like this. I question whether that can
> even work reliably. B

Re: No more DoS

2000-12-21 Thread Michael Peddemors
Not only is this a well written article, and clearer than most other documents (Even Mine :>) but he is dead on track with his basic concepts.. Exactly what I have been looking into over at our company. (Well, close enough) The concept of trusting a SYN packet, has to go.. we have to assume tha

Re: No more DoS

2000-12-21 Thread Tom Vier
This has already been discussed here and on slashdot, on 9/25/2000.

On Fri, Dec 22, 2000 at 01:24:44PM +1100, Mike OConnor wrote:
> I would like to point whoever is in charge of the TCP stack for the linux
> kernel at a site which claims to have a method of eliminating denial of service
> (DoS) a

Re: No more DoS

2000-12-21 Thread David S. Miller
Date: Fri, 22 Dec 2000 13:24:44 +1100 (CST)
From: Mike OConnor <[EMAIL PROTECTED]>

I would like to point whoever is in charge of the TCP stack for the linux kernel at a site which claims to have a method of eliminating denial of service (DoS) attacks http://grc.com/r&d/no

No more DoS

2000-12-21 Thread Mike OConnor
Hi

I would like to point whoever is in charge of the TCP stack for the linux kernel at a site which claims to have a method of eliminating denial of service (DoS) attacks

http://grc.com/r&d/nomoredos.htm

With my limited understanding of TCP and DoS attacks this would seem to be the answer, inst