Re: syn flooding

From: Dennis Heidner (
Date: 01/21/02

From: "Dennis Heidner" <>
Date: 21 Jan 2002 00:15:59 -0800


I thought it would be easy to point to the actual incidents. Looks like
most of the references which named victims have long since been removed.
Unfortunately when you look in the archives for SYN
FLOOD, you get hundreds of hits, the same is true for CERT and NIPC. I
tried to narrow down references which talk about the "Februrary attack",
then I've added a Seattle Times article which talks about the "February
attack"... you have to make your own connection. Trinoo (if I remember
correctly was a basic SYN Flood attack) The article you referenced did a
pretty good job summarizing it.

FWIW, just a few months (May) after the attack I went to the SANS
conference on the east coast of the U.S. There was a lot of discussion
about the attacks, why, etc. I think it may have even come up in a
presentation by Richard Stevens on the new IPv6 standard.,6061,2624180-2,00.html <<---- mafia
boy arrested

> > The small personal firewalls still have problems, I've seen that
> > to several. The high-end commercial firewalls are probably in pretty
> > shape if they have recent software. The big name Dos attacks of a
> > years ago were SYN floods.
> Do you have any references to prove that? Sorry, I don't mean to argue
> every point :) I just remember no particular details being released, it
> certainly sounds like a SYN flood....
> ....for example. But I don't recall any technical details, which is, of
> course, what I'm particularly interested in.

If you search the archives at (look for SYN FLOOD), there
were other reports and traces of sites with the small personal firewalls
that were having problems from SYN DoS attacks. I