Other filtering ideas.

From michael@memra.com Fri Sep 20 06:42:18 1996
From: Michael Dillon <michael@memra.com>
To: inet-access@earth.com
Subject: Re: SYN Attack FAQ

I think the timeout is 75 seconds. Maybe you could check this with Avi.
[note from bc: this is in reference to the time a socket is kept in a half-open
 state after a SYN received.  If the corresponding SYN-ACK is not received
 within 75 sec., the connection is dropped.  The general consensus seems
 to be that this time is too long.]

Could you also include the Bay filtering instructions that were posted on
inet-access. Also, I hope you include the clarifications in your Livingson
instructions.

I think you are being too harsh when you say "Basically nothing; that's
what makes it so scary.". You should say there ar three things that can be
done:

1. hardening the OS ....

2. The RealSecure program mentioned on the firewalls list archived
   at http://www.greatcircle.com/firewalls/archive/firewalls.9609.Z
   or by sending

   subscribe realsecure

   to majordomo@iss.net as mentioned in the PC Week article at
   http://www.pcweek.com/news/0916/16epanix.html
   
3. building a SYN proxy as mentioned on the firewalls list at
   http://www.greatcircle.com/firewalls

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com


<webmaster@mtiweb.com>
Last modified