Machine Latency Methods for increasing end-node processing
Fake entire three way handshake
Fake connections to well known sniffed ports
Use “legitimate” ether addresses that still have no physical presence
Fake huge numbers of sessions
Fake huge numbers of SYN recv’d states
The trick is to make the sniffing application
process as much as possible in user space
Previous slide
Next slide
Back to first slide
View graphic version