From michael@memra.com Fri Sep 20 06:42:18 1996
From: Michael Dillon <michael@memra.com>
To: inet-access@earth.com
Subject: Re: SYN Attack FAQ

I think the timeout is 75 seconds. Maybe you could check this with Avi.

[note from bc: this is in reference to the time a socket is kept in a
half-open state after a SYN received. If the corresponding SYN-ACK is not
received within 75 sec., the connection is dropped. The general consensus
seems to be that this time is too long.]

Could you also include the Bay filtering instructions that were posted on
inet-access? Also, I hope you include the clarifications in your Livingston
instructions.

I think you are being too harsh when you say "Basically nothing; that's
what makes it so scary." You should say there are three things that can be
done:

1. hardening the OS ....

2. The RealSecure program mentioned on the firewalls list archived at
   http://www.greatcircle.com/firewalls/archive/firewalls.9609.Z
   or by sending
       subscribe realsecure
   to majordomo@iss.net as mentioned in the PC Week article at
   http://www.pcweek.com/news/0916/16epanix.html

3. building a SYN proxy as mentioned on the firewalls list at
   http://www.greatcircle.com/firewalls

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com