Re: [j-nsp] tcp intercept?

From: dre (andre@operations.net)
Date: Thu Nov 29 2001 - 16:48:54 EST


On Thu, Nov 29, 2001 at 03:29:47PM +0200, Saku Ytti wrote:
>
> Is there in JunOS something like IOS tcp intercept, which could effectively
> queue streams so that impact of dossing would be minimal to upstreams?
> Of course in Cisco it's done in software which makes it mostly useless in
> backbone usage.

I believe this answers your question:
http://puck.nether.net/lists/juniper-nsp/0771.html

There are other products that do SYN flood protection; you should read this article:
http://www.theregister.co.uk/content/5/21284.html
Which links to this paper presented at the 10th USENIX Security Symposium:
http://www.tech-mavens.com/synflood.htm

Since then, vendors are getting fairly good at hardware-based SYN flood protection
in their products, in particular, the Foundry SI:
http://www.foundrynet.com/services/documentation/siug/ServerIron_DOS_Protection.html#33200

Ask your vendors what they have on the roadmap for DoS and SYN flood
protection. Also, you might want to look into other ways for DoS/SYN
flood protection; there are many good ideas out there.

-dre



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:38 EDT