
At 13:01 27/04/2004 A. Pagaltzis did say...
> * DrWho? <x_files_(a)ihug.co.nz> [2004-04-27 00:08]:
>> That seems to be the conclusion I have come to as well. The SYN attack risk could be reduced by making use of the counters and limiting the number of connection attempts to say 2 and then dropping them thereafter.
> You're still susceptible to DoS, except it's now much easier, because you play "I can't hear anything" as soon as someone starts singing.
It would be safe to say that before an attack can be launched there will need to be an indication that something is there to be attacked in the first place, and if the system is fully stealthed then there will be no replies coming from the system from any port using any protocol. So unless someone passes the IP address on to someone else, or something just launches a random attack on a random address, both of which one can do nothing about anyway, I can live with it. A DoS attack from a national or local IP will not affect my cap, and if it brings the system down, also no great loss. By structuring the chains in the correct sequence I can minimize the risk / effect of a DoS and can live with any performance hits as a result. After all, this is not a production or commercial server! After all, no one really has any control over what incoming traffic they receive from upstream sources, therefore concentrating on minimizing the outgoing is the best one can do.

Regards,
Brett.
> -- 
> Regards,
> Aristotle
> 
> "If you can't laugh at yourself, you don't take life seriously enough."

_______________________________________________
wlug mailing list | wlug(a)list.waikato.ac.nz
Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug
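The two approaches argued over in the thread, written out as iptables rules in the 2004-era `-m state` / `-m recent` / `-m limit` syntax. This is an added illustration, not anything posted to the list; the chain names `SYN_COUNT` and `SYN_GUARD`, the list name `synsrc`, and the thresholds are assumptions chosen to match Brett's "say 2".

```iptables
# Added example, not from the thread. Chain/list names and thresholds are assumed.

# --- Variant A: the "drop after 2 attempts" counter Brett describes ---
# The third and later SYNs from an address already seen twice within 60 s are
# dropped. Because --update refreshes the timestamp on every match, a host that
# keeps retrying keeps itself blocked. This is Aristotle's objection: the box
# stops listening to any address as soon as two SYNs appear to come from it,
# so a flood that borrows a legitimate client's address silences that client.
iptables -N SYN_COUNT
iptables -A INPUT -p tcp --syn -j SYN_COUNT
iptables -A SYN_COUNT -m recent --name synsrc --update --seconds 60 --hitcount 2 -j DROP
iptables -A SYN_COUNT -m recent --name synsrc --set -j RETURN

# --- Variant B: rate-limit new connections instead of blacklisting sources ---
# Chain order is Brett's "correct sequence": packets belonging to sessions that
# already exist are accepted before any SYN rule runs, so a flood can only slow
# fresh connection attempts and never touches a working connection.
iptables -N SYN_GUARD
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp --syn -j SYN_GUARD
# Token bucket: 2 SYN/s sustained with a burst of 5. Excess SYNs are dropped
# only while the flood lasts; nothing is remembered once it stops. Caveat: the
# limit counts all SYNs together, so new clients are delayed during a flood,
# but no address is ever locked out afterwards.
iptables -A SYN_GUARD -m limit --limit 2/second --limit-burst 5 -j RETURN
iptables -A SYN_GUARD -j DROP

# "Fully stealthed" as described: anything not explicitly accepted is dropped
# silently, with no RST or ICMP error sent back to reveal that a host is there.
iptables -P INPUT DROP
```

Load one variant or the other, not both; with Variant A in place, Variant B's limit never gets to protect an address that the counter has already blocked.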