It's a, it's a, it's a SYN flood: Quick, ditch that packet

What if all you had to do to block SYN-based denial-of-service attacks was drop the first incoming SYN packet? That intriguing idea was put forward this week, in this Internet-Draft. SYN floods are a basic “cheap and cheerful” DDoS – an attacker with a botnet handy gets the machines to send TCP SYN messages (these are the …

  1. Anonymous Coward

    Great idea...

    Internet isn't slow enough yet, so let's force clients to time-out and retry their connections.

  2. Number6

    So the DDoS crew mod their end to send each SYN packet twice. Back to the same problem as before.

    1. Sgt_Oddball Silver badge

      Before you know it...

      Mr. President, we must not allow a mineshaft packet gap!

    2. A.P. Veening

      Sending SYN packet twice

      You are forgetting the timer, which will start upon reception of the second SYN packet and will close the connection if the ACK packet isn't received before time-out.

  3. rcxb

    SYN flooding has been adequately addressed for decades. DDoSes don't bother with such tricks anymore, they just send a huge amount of traffic.

    1. Fungus Bob Silver badge

      Well, South Korea is a little behind the times - they're still using Internet Explorer 6 due to some dumb security law.

    2. Alister Silver badge

      DDoSes don't bother with such tricks anymore

      Really? I wish you'd tell that to the bastards who are currently sending > 1GB/s of SYN packets at one of my networks.

  4. chuBb.

    SYN greylisting would work as well as it does for email

    Not very well, in other words: too many crap network stacks out there which would fail, never mind it working properly looks like it's broken to end users, except here it would be much more subtle than a missing expected email and would manifest as security gates failing open or closed etc., due to aforementioned crap network stacks.

  5. Frumious Bandersnatch Silver badge

    Shareholder fraud

    I'm sorry, but I'm going to have to complain about your use of the phrase "from the week that was" as a sub-head for the article insofar as it relates to last week, on account of it seeming to be a deliberate attempt to up it too big.
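
A toy model of the behaviour argued over in the comments above (first SYN dropped, retransmission answered, ACK timer on the half-open entry), added here as an example; it is not code from the Internet-Draft or from any commenter. The flow key, both timeout values and all names are assumptions, and the trace is constructed.

```python
# Added illustration: toy model of a "drop the first SYN" filter.
# Flow key, timeout values and all names are assumptions, not from the Internet-Draft.
from dataclasses import dataclass, field

RETRY_WINDOW = 5.0  # assumed: seconds a dropped first SYN is remembered
ACK_TIMEOUT = 3.0   # assumed: seconds a half-open entry waits for the final ACK

@dataclass
class FirstSynDropFilter:
    seen: dict = field(default_factory=dict)       # flow -> time first SYN was dropped
    half_open: dict = field(default_factory=dict)  # flow -> time SYN-ACK was sent
    established: set = field(default_factory=set)

    def expire(self, now):
        """Forget stale first-SYN records and reap half-open entries with no ACK."""
        self.seen = {f: t for f, t in self.seen.items() if now - t <= RETRY_WINDOW}
        self.half_open = {f: t for f, t in self.half_open.items() if now - t <= ACK_TIMEOUT}

    def packet(self, now, flow, kind):
        self.expire(now)
        if kind == "SYN":
            if flow in self.half_open or flow in self.established:
                return "ignored"            # duplicate SYN for a known flow
            if flow in self.seen:           # retransmission: answer it, start ACK timer
                del self.seen[flow]
                self.half_open[flow] = now
                return "syn-ack"
            self.seen[flow] = now           # first SYN: drop, keep only a small record
            return "dropped"
        if kind == "ACK" and flow in self.half_open:
            del self.half_open[flow]
            self.established.add(flow)
            return "established"
        return "dropped"

def replay(events, end):
    """Feed time-ordered (time, flow, kind) events, then expire state at `end`."""
    flt = FirstSynDropFilter()
    results = [flt.packet(t, flow, kind) for t, flow, kind in events]
    flt.expire(end)
    return flt, results

# Constructed trace (documentation addresses): A retries and ACKs, B sends one SYN,
# C sends its SYN twice but never completes the handshake.
A, B, C = ("198.51.100.7", 40000), ("203.0.113.9", 1111), ("203.0.113.9", 2222)
TRACE = [(0.0, A, "SYN"), (0.1, B, "SYN"), (0.2, C, "SYN"), (0.3, C, "SYN"),
         (1.0, A, "SYN"), (1.05, A, "ACK")]

if __name__ == "__main__":
    flt, results = replay(TRACE, end=6.0)
    print(results, flt.established, flt.half_open, flt.seen)
```

In this model the retrying client pays one retransmission delay before it is answered, and the doubled SYN does occupy a half-open slot until the ACK timer reaps it.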


Biting the hand that feeds IT © 1998–2019