Tue Apr 27 13:48:18 NZST 2004
At 13:01 27/04/2004 A. Pagaltzis did say...
>* DrWho? <x_files_@i...> [2004-04-27 00:08]:
> > That seems to be the conclusion I have come to as well. The SYN
> > attack risk could be reduced by making use of the counters and
> > limiting the number of connection attempts to say 2 and then
> > dropping them there after.
>You're still susceptive to DoS, except it's now much easier,
>because you play "I can't hearing anything" as soon as someone
It would be safe to say that before an attack can be launched there will
need to be an indication that something is there to be attacked in the
first place, and if the system is fully stealthed then there will be no
replies coming from the system from any port using any protocol so unless
someone passes the IP address onto some one, or something just launches a
random attack on a random address, both of which one can do nothing about
any way, I can live with it. A DoS attack from a national or local IP will
not effect my cap and if it brings the system down also no great loss.
By structuring the chains in the correct sequence I can minimize the risk /
effect of a DoS and can live with any performance hits as a result. After
all this is not a production or commercial server!
After all, no one really has any control over what incoming traffic they
receive from upstream sources so there for concentrating on minimizing the
out going is best one can do.
>"If you can't laugh at yourself, you don't take life seriously enough."
>wlug mailing list | wlug@l...
More information about the wlug
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.