[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] syn_flood dos attack
- Subject: Re: [cobalt-security] syn_flood dos attack
- From: Nick Drage <nickd@xxxxxxxxx>
- Date: Tue, 1 Jan 2002 16:27:55 +0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Tue, Jan 01, 2002 at 01:29:54PM +0100, Nico Meijer wrote:
> >I'm having a issue on an old raq XTR (yes, the ones that have been
> >recalled) with multiple ip addresses attacking port 80 on the server.
As has been pointed out elsewhere, do ensure that this is a genuine SYN
flood, rather than an annoyance.
If there isn't an absolute barrage of packets, it could be a broken
router, firewall or proxy server ( especially as its port 80 ) in the
way. The broken device is sending the SYN to you, you're replying with
an ACK, which at some point is then incorrectly dropped or misrouted on
the way back; so you get a kind of gentle SYN flood effect.
--
Nick Drage - Security Architecture - Demon Internet
"A lonely voice
Echoing through the wilderness
Request Timed Out"