Berkeley Software Design Inc of Colorado Springs, Colorado and Jerusalem, Israel-based Check Point Software Inc, have both released free software designed to thwart hackers who flood sites with synchronizing packets. Check Point’s SYNDefender software module works with its FireWall-1 product. It can either intercept SYN packets and relay them to the server only if it determines them to be valid, or it can accept all connection attempts and move them from the backlog queue to the open connections queue, which Check Point says is more easily handled by the server. Berkeley Software’s answer is to provide a set of patches that reduce the resources that an attacker can consume as well as a kernel-level packet filter so that Internet access providers can filter out spoofed addresses at the source. Berkeley Software admits that even with their patches, a hacker could conceivably swamp the victim with bogus SYNs if they came from a T-1 or faster connection – an attack strategy that would be likely to create a bottleneck with the Check Point product as well. For details of the software, the companies can be reached at http://www.bsdi.com/press/19961002.html and http://www.checkpoint.com respectively.
