RE: T-Pot (TCP HoneyPot) idea

On Thu, 10 Apr 2003, Matt Hellman wrote:

> I'm not terribly well versed in the various flag settings during session
> setup and tear down, however this doesn't seem likely to be very effective.
> The end result would probably just be a lot more traffic on your own little
> connection to the Internet.

Bandwidth isn't as much of an issue with syn/ack packets as is the load on
the system. This is why the old synflood was so devastating.

>  Or worse, someone could figure out what you're
> doing and flood you with SYN packets with spoofed source addresses.  It may
> not affect the resources on your firewall (assuming you're not keeping the
> connection state) but others sure won't appreciate getting a bunch of
> SYN-ACK packets from you;)

This can already be done. If I fake a SYN packet from you to, say, DNS
root server A, you get traffic from root server A. Maybe a lot of traffic.
It does use more bandwidth as most hosts will reply with an RST, so there
is inbound and output traffic. How effective this is depends on the ratio
of bandwidth in control of the attacker to the limits of bandwidth that
the victim has, and also the capabilities of the intermediate system.




