Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Syn flooding attacks

  • From: Jeffrey C. Ollie
  • Date: Mon Oct 20 14:17:46 1997

Phil Howard wrote:
> 
> The server can enlarge its table of pending connections and shorten it's
> timeout on them.  Currently I think this is on the order of 2 to 3 minutes
> and I think I can live with shortening it to 20 seconds, if I could get in
> the kernel to make that change (easy for Linux, FreeBSD, etc, but not for
> most commercial systems like Solaris, NT, etc).

On the latest Linux kernels (and perhaps on other free UNIXs) there is a
feature known as "SYN cookies".  Basically this feature lets servers
eliminate the table of half open connections by carefully crafting the
ACK so that the next packet from the originating host has enough
information to fully open the connection.  This was widely discussed on
nanog and other lists when SYN flooding attacks first became popular a
year or so ago.  Check the archives for more information or check out
the Linux TCP code in the latest kernels.

Jeff
begin:          vcard
fn:             Jeffrey Ollie
n:              Ollie;Jeffrey
email;internet: jeff@ollie.clive.ia.us
tel;work:       515-965-7057
tel;fax:        515-965-7305
x-mozilla-cpt:  ;0
x-mozilla-html: TRUE
version:        2.1
end:            vcard

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.