From: rick.jones2@hp.com   
      
   Char Jackson wrote:   
   > On Wed, 4 Nov 2009 19:25:36 +0100, Martijn Lievaart   
   > wrote:   
      
   > >Any firewall that tries to handle SYN floods by spoofing the connection   
   > >until the three way handshake is complete. Firewall-1 does this for   
   > >instance and I suspect others as well.   
      
   > F5 BigIP load balancers do the same thing. Enabling syn flood   
   > protection means new connections are spoofed, (they call it   
   > proxying), until the three way handshake is complete. After a   
   > configurable amount of time or when the buffer reaches a certain   
   > point of utilization, whichever comes first, old syn's without ack's   
   > are purged.   
      
   > I'm in favor of filtering this stuff out sooner rather than later,   
   > so I'm in favor of doing it in a centralized network device such as   
   > a firewall or load balancer rather than allowing the bogus traffic   
   > to reach the individual hosts.   
      
   I see a huge gulf separating dropping a SYN early and an intermediate   
   device pretending to be the end destination.   
      
   rick jones   
   --   
   Wisdom Teeth are impacted, people are affected by the effects of events.   
   these opinions are mine, all mine; HP might not want them anyway... :)   
   feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...   
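As an added illustration of the SYN-proxying behaviour Char Jackson describes (not code from the thread, Firewall-1 or BigIP): a toy model of a device that answers SYNs on the server's behalf, keeps half-open entries in a bounded table, purges them after a configurable timeout or once utilization reaches a high-water mark, whichever comes first, and only hands a connection to the real server after the client's ACK completes the handshake. The timeout, table size, threshold, addresses and flood rate are all made-up parameters for this example, and the "server" is just a list of completed handshakes.

```python
"""Toy SYN proxy (added example, not from the thread). The device answers the
client's SYN itself with its own initial sequence number, tracks the half-open
entry, and opens the real server connection only when a correct ACK arrives.
Half-open entries are purged after `timeout` seconds or, if the table reaches
`high_water` utilization, oldest-first. All parameters are assumptions."""

from collections import OrderedDict
import random


class SynProxy:
    def __init__(self, timeout=3.0, capacity=1000, high_water=0.9):
        self.timeout = timeout          # seconds a SYN may wait for its ACK
        self.capacity = capacity        # maximum half-open entries held
        self.high_water = high_water    # utilization that triggers a purge
        self.half_open = OrderedDict()  # (src_ip, src_port) -> (isn, created_at)
        self.forwarded = []             # handshakes completed and handed to the server
        self.purged = 0                 # half-open entries discarded without an ACK

    def _purge(self, now):
        # Rule 1: drop every entry whose ACK is overdue.
        for key, (_, created) in list(self.half_open.items()):
            if now - created > self.timeout:
                del self.half_open[key]
                self.purged += 1
        # Rule 2: if the table is still at the high-water mark, evict oldest first.
        limit = int(self.capacity * self.high_water)
        while self.half_open and len(self.half_open) >= limit:
            self.half_open.popitem(last=False)  # OrderedDict keeps insertion order
            self.purged += 1

    def on_syn(self, src, now):
        """Answer the SYN on the server's behalf; the server never sees it."""
        if src in self.half_open:
            return "SYN-ACK"  # retransmitted SYN: keep the existing entry
        self._purge(now)
        isn = random.getrandbits(32)  # the proxy's own initial sequence number
        self.half_open[src] = (isn, now)
        return "SYN-ACK"

    def on_ack(self, src, ack_num, now):
        """Third packet of the handshake: only the correct ACK number completes it."""
        entry = self.half_open.get(src)
        if entry is None:
            return "DROP"  # no half-open state: never seen, or already purged
        isn, _created = entry
        if ack_num != (isn + 1) & 0xFFFFFFFF:
            return "DROP"  # wrong acknowledgement: not the peer we sent SYN-ACK to
        del self.half_open[src]
        self.forwarded.append(src)  # now the proxy opens the real connection
        return "FORWARD"


def simulate_flood(n_bogus=5000, seed=1):
    """Constructed scenario: a spoofed-source SYN flood that never ACKs, plus one
    real client that completes its handshake in the middle of it."""
    rng = random.Random(seed)
    proxy = SynProxy(timeout=3.0, capacity=1000, high_water=0.9)
    t = 0.0
    for _ in range(n_bogus):
        src = ("203.0.113.%d" % rng.randrange(256), rng.randrange(1024, 65535))
        proxy.on_syn(src, t)
        t += 0.001  # 1000 SYN/s; no ACK ever comes back for these
    real = ("198.51.100.7", 40000)
    proxy.on_syn(real, t)
    isn, _ = proxy.half_open[real]
    result = proxy.on_ack(real, (isn + 1) & 0xFFFFFFFF, t + 0.05)
    return {
        "result": result,                              # "FORWARD"
        "server_connections": len(proxy.forwarded),    # the server saw exactly one
        "half_open": len(proxy.half_open),             # bounded by the high-water mark
        "purged": proxy.purged,                        # bogus SYNs discarded
    }


def wrong_ack_dropped():
    """An ACK that does not match the proxy's ISN never reaches the server."""
    proxy = SynProxy()
    src = ("192.0.2.9", 5555)
    proxy.on_syn(src, 0.0)
    isn, _ = proxy.half_open[src]
    return proxy.on_ack(src, (isn + 2) & 0xFFFFFFFF, 0.1)


if __name__ == "__main__":
    print(simulate_flood())
    print(wrong_ack_dropped())
```

The model also makes Rick's objection concrete: because the device picks its own initial sequence number and finishes the handshake itself, the client's TCP session is with the proxy, not the server, which is a different thing from a filter that merely drops excess SYNs before they reach the host.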
      