Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink

1 recommendation

On the other hand... (thinking more after submitting)

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
--
Interested in open source engine management for your Subaru?


moonpuppy

join:2000-08-21
Glen Burnie, MD

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Except they still do barely anything about the SPAM coming from infected systems on the Comcast network.


bleearg13

join:2001-03-03
Gaithersburg, MD

1 recommendation

reply to Cabal

said by Cabal:

Knocking it down is a good thing.
Except when you have folks with the Fasterfox Add-on for Firefox that can be used to tweak the number of sessions opened per page.


FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 edit
reply to Cabal

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Also, I noticed that if I tune the Firefox addon Fasterfox to a high "max connections per server" value, I can occasionally get a "connection was reset" message. Setting it back to default values eliminated the problem. Maybe all Comcast is doing is adhering to RFC specs and banging those sessions that use too high a value.


Check out the comment on the turbo option.


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
Reviews:
·Vitelity VOIP
reply to moonpuppy

said by moonpuppy:

Except they still do barely anything about the SPAM coming from infected systems on the Comcast network.
They deploy port 25 block config files to modems on a regular basis. Unfortunately, it's a reactive approach so it's going to be significantly less effective than other providers who have already walled off external port 25 access.


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
Reviews:
·Vitelity VOIP
reply to Cabal

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood.
Exactly - this will trip DoS mitigation hardware from Cisco, Tipping Point, Checkpoint, Arbor, etc.

What next? If I make several connection attempts to DoD network addresses Comcast dispatches the FBI to throttle my connection by taking my hardware?

The number of unrelated events that we can relate to Comcast throttling are endless - time to get creative people!


Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12
reply to Cabal

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Doesn't Windows XP in most cases (post-SP2 anyway) have a limit of 10 half-open SYN sessions?

So, in reality, the only people this would affect are the people who have hacked out that limitation ... which is almost guaranteed to be Johnny Bittorrent and his uber leet buddies who think setting uTorrent to 6000 sessions means faster downloads?


packetpusher
Premium
join:2005-03-22
Oakville, ON
reply to espaeth

said by espaeth:

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood.
Exactly - this will trip DoS mitigation hardware from Cisco, Tipping Point, Checkpoint, Arbor, etc.

What next? If I make several connection attempts to DoD network addresses Comcast dispatches the FBI to throttle my connection by taking my hardware?

The number of unrelated events that we can relate to Comcast throttling are endless - time to get creative people!
We have to make a decision, and I think this should be one of those opt-out kind of deals. On the one hand you have a vast multitude of users who have infected computers, and don't know how to control them. On the other hand you have users who may generate traffic that fits the traffic profile of an infected box, but it is legitimate. For the sake of protecting the stability of the internet there should be an option to deploy this type of attack mitigation (syn rate limiting) tech to protect home users. Power users or techs should have a way to opt out of this and simply get the dumb pipe we all have been craving for lately.
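
An added example (not part of the thread): a sliding-window counter for the threshold Cabal cites, 100 SYNs per second to the same address, with an exemption set standing in for the opt-out packetpusher proposes. The packet tuple format, the function names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits


def find_syn_bursts(packets, threshold=100, window=1.0, opted_out=frozenset()):
    """Return {(src, dst): peak} for pairs that reached `threshold` initial SYNs
    inside any sliding `window` seconds.

    packets: iterable of (timestamp_seconds, src_ip, dst_ip, tcp_flags),
             sorted by timestamp (assumed format).
    opted_out: source addresses exempt from the check (hypothetical opt-out list).
    """
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    peaks = {}
    for ts, src, dst, flags in packets:
        # Count only connection attempts: SYN set, ACK clear (not SYN-ACK replies).
        if not flags & SYN or flags & ACK or src in opted_out:
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] >= window:   # drop SYNs that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(q))
    return peaks


def sample_capture():
    """Constructed sample traffic (documentation addresses, not real data)."""
    pkts = []
    # Host A: 150 SYNs to one server spread evenly over one second.
    pkts += [(i / 150, "192.0.2.10", "198.51.100.5", SYN) for i in range(150)]
    # Host B: a browser opening 24 connections to one server at once.
    pkts += [(0.5 + i / 1000, "192.0.2.20", "198.51.100.5", SYN) for i in range(24)]
    # Host C: 150 SYNs in a second, but spread across 150 different addresses.
    pkts += [(i / 150, "192.0.2.30", f"203.0.113.{i + 1}", SYN) for i in range(150)]
    # Server replies (SYN-ACK) must not be counted as connection attempts.
    pkts += [(i / 150, "198.51.100.5", "192.0.2.10", SYN | ACK) for i in range(150)]
    return sorted(pkts)


if __name__ == "__main__":
    for (src, dst), peak in find_syn_bursts(sample_capture()).items():
        print(f"{src} -> {dst}: peak {peak} SYNs within 1 s")
```

Only host A is flagged at the default threshold; the 24-connection browser burst and the host spreading its SYNs over many addresses stay below the per-destination limit.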