Understanding and Defending Against SYN Attacks


Alexis Rosen
Owner, PANIX/Public Access Networks Corp.

On Sept. 6, 1996, panix.com was attacked with a TCP 'SYN packet' flood attack. Every Internet site is vulnerable to this kind of attack, whether or not a firewall is in place. As the first subject of such an attack to go public, PANIX has been at the center of efforts to develop defenses.

Although experts had known about the possibility of this type of attack for over a decade, code for these attacks had recently been published in 2600 and also in Phrack, and reports of this type of attack are becoming increasingly common. With the publication of this code, anyone who can run the source can launch a devastating attack on any site on the net. The attack on PANIX was modified to be even more difficult to defend against than the methods described in these publications.

Alexis Rosen coordinated technical operations at PANIX and also served as liaison among researchers, site administrators, journalists and others following this issue. He will describe the nature of the attack, and discuss the various defenses considered and the measures implemented at PANIX to minimize the impact of the attacks, long-term solutions and the constraints involved in implementing them,