IMHO if you are really worried about this type of attack, then setting up an IDS with some type of proactive blocking mechanism would defeat such attacks. Snort with snortsam comes to mind!! It offers great ways to block based on a number of different reasons. Check 'em out!! www.snort.org and www.snortsam.net[.] -Russ
> D> The issue is not one of "can the firewall stop this" > because many firewalls, even low end software based versions > like Black Ice now include a syn proxy agent. This issue is > more of link > D> saturation. This is a hybrid attack: high bandwidth AND > syn packet reorganization. Protecting your server is the > part that a firewall will help with. Protecting the link and > edge router is the > D> other, and can only be done at the upstream infrastructure > level. The point is that these types of packets are spoofed > so you can't simply "drop the offending ip" due to the IP > header spoofing: > D> you can't even find out what IP the attack is coming from. > So all you can do is have the upstream block access to the > port and IP being attacked(to free up the bandwidth). If > this is a critical > D> port, you are down. > --- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system. --- To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
