Mailing List Archive

Re[6]: SYN floods (was: does history repeat itself?)
Alec,

I agree, but if the NAS has the ability of raising a flag if a
malicious user (done with the use of a filter at the edge) tried to
create havoc, it would make your life much easier in not only
tracking, but possibly taking legal action.

Pat R. Calhoun e-mail: pcalhoun@usr.com
Project Engineer - Lan Access R&D phone: (847) 933-5181
US Robotics Access Corp.

______________________________ Reply Separator _________________________________
Subject: Re: Re[4]: SYN floods (was: does history repeat itself?)
Author: "Alec H. Peterson" <chuckie@panix.com> at Internet
Date: 9/10/96 5:05 PM


Pat Calhoun writes:
>
> Alexis,
>
> However if you are filtering on your outbound router to the net,
> there is still the possibility that a malicious user could spoof
> addresses as long as they belong to your address space. By moving the
> filter out to the edge (when you have the equipment) this eliminates
> that problem as well.

This is true, but if it is a valid host, the invalid SYNs will do
nothing, because the source host will send a RST and the
almost-connection will be torn down. And if it isn't a valid host, it
will still be _much_ easier to track, because you know in general where
it's coming from.

Alec

--
+------------------------------------+--------------------------------------+
|Alec Peterson - chuckie@panix.com | Panix Public Access Internet and UNIX|
|Network Administrator/Architect | New York City, NY |
+------------------------------------+--------------------------------------+
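
The difference between the two filter placements discussed in this thread, as an added example that is not part of the original messages. It models an outbound-router filter and a per-port edge filter as source-address checks and reports which constructed packets each one passes; the address block, port names and assignments are assumptions drawn from documentation ranges.

```python
import ipaddress

# Constructed values (RFC 5737 documentation ranges), not taken from the thread.
SITE_BLOCK = ipaddress.ip_network("192.0.2.0/24")
# Hypothetical access ports (for example NAS dial-in ports) and the one
# address assigned to each of them.
PORT_ASSIGNMENTS = {
    "port1": ipaddress.ip_address("192.0.2.10"),
    "port2": ipaddress.ip_address("192.0.2.11"),
}

def border_filter(src):
    """Outbound-router filter: pass any source inside the site's own block."""
    return ipaddress.ip_address(src) in SITE_BLOCK

def edge_filter(port, src):
    """Edge filter: pass only the source address assigned to the ingress port."""
    return PORT_ASSIGNMENTS.get(port) == ipaddress.ip_address(src)

def evaluate(packets):
    """Return (port, src, border_pass, edge_pass, flagged) for each packet."""
    results = []
    for port, src in packets:
        border_ok = border_filter(src)
        edge_ok = edge_filter(port, src)
        # A drop at the edge names the exact port the packet arrived on,
        # which is the "flag" that makes tracking straightforward.
        results.append((port, src, border_ok, edge_ok, not edge_ok))
    return results

# Constructed sample traffic: (ingress port, claimed source address).
SAMPLE_PACKETS = [
    ("port1", "192.0.2.10"),    # legitimate: matches the port's assignment
    ("port1", "192.0.2.11"),    # spoofed, but still inside the site block
    ("port2", "198.51.100.7"),  # spoofed, outside the site block
]

if __name__ == "__main__":
    for port, src, border_ok, edge_ok, flagged in evaluate(SAMPLE_PACKETS):
        print(f"{port} src={src} border={'pass' if border_ok else 'drop'} "
              f"edge={'pass' if edge_ok else 'drop'} flagged={flagged}")
```

The second packet is the case raised in the quoted message: it passes the outbound-router filter because its source is inside the site block, while the edge filter drops it and identifies the port.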