Other filtering ideas.

From michael@memra.com Fri Sep 20 06:42:18 1996
From: Michael Dillon <michael@memra.com>
To: inet-access@earth.com
Subject: Re: SYN Attack FAQ

I think the timeout is 75 seconds. Maybe you could check this with Avi.
[note from bc: this is in reference to the time a socket is kept in a half-open
 state after a SYN received.  If the corresponding SYN-ACK is not received
 within 75 sec., the connection is dropped.  The general consensus seems
 to be that this time is too long.]

Could you also include the Bay filtering instructions that were posted on
inet-access. Also, I hope you include the clarifications in your Livingson

I think you are being too harsh when you say "Basically nothing; that's
what makes it so scary.". You should say there ar three things that can be

1. hardening the OS ....

2. The RealSecure program mentioned on the firewalls list archived
   at http://www.greatcircle.com/firewalls/archive/firewalls.9609.Z
   or by sending

   subscribe realsecure

   to majordomo@iss.net as mentioned in the PC Week article at
3. building a SYN proxy as mentioned on the firewalls list at

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com

Last modified