[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] SYN attacks killing me! Please HELP!
- Subject: RE: [cobalt-security] SYN attacks killing me! Please HELP!
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Tue, 23 Jul 2002 03:00:52 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
MN> Date: Mon, 22 Jul 2002 22:05:29 -0400
MN> From: Matthew Nuzum
MN> I checked with my upstream provider and found that they
MN> handle this type of problem in their routers and switches.
MN> They use Cisco and Foundry equipment which (from what I've
MN> heard) is some of the best.
Both of those have their share of bugs; I'd not say "the best",
but I think "some of the best" is reasonable. However, there
are some nasty bugs that cause nasty problems in the real world.
Beware of vendor hype. (Yes, we run a fair amount of Cisco
gear.)
The correct way probably is using TCP intercept. The one who
controls the router does this. Blocking is ineffective and
obviously can have side-effects.
Ernesto, ask your provider to try TCP intercept. It will block
bogus SYN requests without dropping valid ones. Their router
should be able to handle it.
MN> However even if your ISP uses lower end hardware, they should
MN> be able to block this kind of stuff. I'm sure they'd rather
MN> be doing other things than rebooting blue boxes all the time.
MN>
MN> I'd really try to get those guys to help you out on this.
Agreed.
A competent provider knows what to do. A half-competent provider
knows for what to search on Google. An incompetent provider does
not deserve one's business. ;-)
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.