   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   

   Message 13,140 of 14,669   
   Char Jackson to m@rtij.nl.invlalid   
   Re: sequence number rewrite   
   05 Nov 09 12:01:54   
   
   From: none@none.invalid   
      
   On Wed, 4 Nov 2009 19:25:36 +0100, Martijn Lievaart wrote:   
      
   >Any firewall that tries to handle SYN floods by spoofing the connection   
   >until the three way handshake is complete. Firewall-1 does this for   
   >instance and I suspect others as well.   
      
   F5 BigIP load balancers do the same thing. Enabling SYN flood   
   protection means new connections are spoofed (they call it proxying)   
   until the three way handshake is complete. After a configurable amount   
   of time or when the buffer reaches a certain point of utilization,   
   whichever comes first, old SYNs without ACKs are purged.   
      
   I'm in favor of filtering this stuff out sooner rather than later, so   
   I'm in favor of doing it in a centralized network device such as a   
   firewall or load balancer rather than allowing the bogus traffic to   
   reach the individual hosts.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
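
A toy model of the SYN proxying discussed in the message above, added here as an illustration; it is not code from the post, Firewall-1 or F5. It shows the half-open table purged by age or by a utilization mark, and the sequence number rewrite the thread title refers to. The class name, limits and the `server_isn` argument (standing in for the ISN learned from the server's SYN-ACK) are assumptions.

```python
from collections import OrderedDict

MOD = 2**32  # TCP sequence numbers wrap at 32 bits

class SynProxyTable:
    """Hypothetical middlebox state; names and default limits are assumptions."""

    def __init__(self, max_pending=4, timeout=5.0, high_water=0.75):
        self.pending = OrderedDict()  # flow -> (proxy_isn, arrival_time), oldest first
        self.offsets = {}             # flow -> (server_isn - proxy_isn) mod 2^32
        self.max_pending = max_pending
        self.timeout = timeout
        self.high_water = high_water

    def purge(self, now):
        # Drop SYNs that were never ACKed within the timeout ...
        for key in [k for k, (_, t) in self.pending.items() if now - t > self.timeout]:
            del self.pending[key]
        # ... and, once the buffer reaches the utilization mark, evict oldest first.
        while len(self.pending) >= self.max_pending * self.high_water:
            self.pending.popitem(last=False)

    def on_syn(self, flow, proxy_isn, now):
        """Answer the client's SYN from the proxy; the server sees nothing yet."""
        self.purge(now)
        self.pending[flow] = (proxy_isn, now)
        return ("SYN-ACK", proxy_isn)

    def on_ack(self, flow, ack, server_isn):
        """Handshake completed by the client: record the offset to the server's ISN."""
        entry = self.pending.pop(flow, None)
        if entry is None or ack != (entry[0] + 1) % MOD:
            return False  # purged, unknown or wrong ACK: nothing reaches the server
        self.offsets[flow] = (server_isn - entry[0]) % MOD
        return True

    def to_client_seq(self, flow, server_seq):
        # Server -> client: rewrite SEQ into the sequence space the proxy started.
        return (server_seq - self.offsets[flow]) % MOD

    def to_server_ack(self, flow, client_ack):
        # Client -> server: rewrite ACK into the server's own sequence space.
        return (client_ack + self.offsets[flow]) % MOD
```
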



(c) 1994,  bbs@darkrealms.ca