Bugtraq mailing list archives
Re: Excellent host SYN-attack fix for BSD hosts
From: casper () holland Sun COM (Casper Dik)
Date: Mon, 14 Oct 1996 09:08:08 +0200
"Charles M. Hannum" <mycroft () mit edu> writes:
> Avi Freedman <freedman () netaxs com> writes:
>> No state is kept locally; when a SYN is received, an ISS is generated that contains a few bits for reference into a table of MSS values; window size and any initial data is discarded; and the rest of the ISS is the MD5 output of a 32-byte secret and all of the interesting header info.
>
> This doesn't seem to deal with window scaling, which is a big lose on high-bandwidth networks. It also breaks TCP's algorithm for recognizing stale data.

It also breaks "naked SYN" filtering which is commonly employed as a way to let established connections through without much effort and filter only those TCP packets that have a SYN. (Stuff like Cisco's established keyword)

If you want to use "SYN cookies", as this approach is commonly called, you should only start to employ them when the connection queue is full.

Casper
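
The scheme discussed in this message, as an added example that is not code from the thread or from any BSD patch: an ISS built from an MSS table index plus a truncated MD5 over a 32-byte secret and the SYN's header fields, used only once the connection queue is full. The 3-bit index width, the table values, the hashed field order, the dict packet representation and all function names are assumptions made for illustration.

```python
import hashlib, socket, struct

MSS_TABLE = [64, 512, 536, 1024, 1440, 1460, 4312, 8960]  # constructed values
MSS_BITS = 3                      # assumed width of the "few bits"
HASH_BITS = 32 - MSS_BITS
HASH_MASK = (1 << HASH_BITS) - 1

def _mac(secret, syn):
    """Truncated MD5 over the secret and the SYN's addresses, ports and ISN."""
    hdr = (socket.inet_aton(syn["src"]) + socket.inet_aton(syn["dst"])
           + struct.pack("!HHI", syn["sport"], syn["dport"], syn["isn"]))
    return int.from_bytes(hashlib.md5(secret + hdr).digest()[:4], "big") & HASH_MASK

def make_iss(secret, syn):
    """Encode an MSS table index in the top bits, the MAC in the rest."""
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= syn["mss"]), default=0)
    return (idx << HASH_BITS) | _mac(secret, syn)

def check_ack(secret, pkt):
    """Validate the handshake's final ACK; return the recovered MSS or None.
    Window scale and other SYN options are not recoverable from the cookie."""
    iss = (pkt["ack"] - 1) & 0xFFFFFFFF
    syn = dict(pkt, isn=(pkt["seq"] - 1) & 0xFFFFFFFF)
    if (iss & HASH_MASK) != _mac(secret, syn):
        return None
    return MSS_TABLE[iss >> HASH_BITS]

def on_syn(queue, backlog, secret, syn):
    """Keep normal per-connection state while the queue has room;
    fall back to a stateless cookie only when it is full."""
    if len(queue) < backlog:
        queue.append(syn)         # full state, including wscale, is kept
        return None
    return make_iss(secret, syn)

SECRET = bytes(range(32))         # constructed 32-byte secret
SYN = {"src": "192.0.2.10", "sport": 40000, "dst": "198.51.100.5",
       "dport": 80, "isn": 0xFFFFFFFF, "mss": 1400, "wscale": 7}  # constructed

if __name__ == "__main__":
    q = []
    print(on_syn(q, 1, SECRET, SYN))            # queue has room: normal path
    iss = on_syn(q, 1, SECRET, SYN)             # queue full: cookie path
    ack = {**SYN, "seq": (SYN["isn"] + 1) & 0xFFFFFFFF, "ack": (iss + 1) & 0xFFFFFFFF}
    print(hex(iss), check_ack(SECRET, ack))
```

On the cookie path the client's advertised MSS of 1400 comes back rounded down to a table entry and its window scale value is gone, which is the loss Charles M. Hannum points out above.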