From proff Thu Oct 3 08:01:36 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id IAA03679 for best-of-security; Thu, 3 Oct 1996 08:01:35 +1000 Received: (sendmail@localhost) by suburbia.net (8.7.4/Proff-950810) id HAA03655 for ; Thu, 3 Oct 1996 07:59:29 +1000 Received: from relay4.UU.NET(192.48.96.14) via SMTP by suburbia.net, id smtpd03652aaa; Thu Oct 3 07:59:23 1996 Received: from miles.greatcircle.com by relay4.UU.NET with ESMTP (peer crosschecked as: miles.greatcircle.com [198.102.244.34]) id QQbjsx27439; Wed, 2 Oct 1996 17:58:55 -0400 (EDT) Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id NAA15126 for firewalls-outgoing; Wed, 2 Oct 1996 13:28:44 -0700 (PDT) Received: from gw.lsli.com (gw.lsli.com [206.50.87.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id NAA15066 for ; Wed, 2 Oct 1996 13:28:28 -0700 (PDT) From: firstcat@lsli.com Received: by gw.lsli.com id AA19213; Wed, 2 Oct 1996 15:26:43 -0500 Received: by lsli.com via smwrap Version 2.2 id smwrapOAsDiQ; Wed Oct 2 15:26:12 1996 Date: Wed, 2 Oct 96 15:23:29 Subject: ANNOUNCE: Livermore Solution for SYN FLOOD To: Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Approved: proff@suburbia.net Livermore Software Labs. Announces Defense against SYN Flooding Attacks: N.O.A.H. Component Lets Firewall Rise Above SYN Floods HOUSTON, TX ( October, 1996) Livermore Software Laboratories, International announced its SYN flood defense for the PORTUS firewall, N.O.A.H.. PORTUS is the first application firewall to defend against the SYN flood attacks that have denied service to many systems on the Internet. The PORTUS monitor automatically detects SYN flood attacks, manages the partially completed connection queue, deletes old entries, and alerts the systems administrators. PORTUS performs queue management, adjusting queue lengths, high and low water marks based on system status. PORTUS has always prevented systems behind the firewall from receiving SYN attacks. With the new enhancement PORTUS also protects itself from denial of service attacks. Unlike other approaches taken by packet filter firewalls, PORTUS' N.O.A.H. never lets a system behind the firewall see a SYN flood attack. As a result, protected servers never see a invalid SYN and ACK. Thus the server does not have to respond by spawning a process to support a connection that will eventually timeout. This prevents the server from wasting cpu and memory resources responding to hundreds superfluous connection requests, which could cause other system problems(such as crashes). NOAH is a standard component in the PORTUS V2.2 release, and will ship October 5th to LSLI's existing customers, and enter general distribution the following week. PORTUS is available through standard distribution channels and LSLI directly. For more information contact LSLI at 713/ 974-3274. Livermore Software Labs http://www.lsli.com