Re: TCP SYN attacks

[Avi Freedman <freedman () netaxs com>]

> On Thu, 3 Oct 1996, Ran Atkinson wrote:
>
> > > Dima Volodin writes:
> > > > Now can I hold my breath waiting for vendors to incorporate this stuff
> > > > into their products?
> >
> > At least BSDI, Sun, SGI, and HP are working on TCP SYN hardening.
> > (yes, cisco is also on top of things :-).
> >
> > I have no data on what might be up at other vendors.
>
> the linux ip folk have released at least one patch (available near
> http://www.uk.linux.org/NetNews.html) that holds off the problem for a
> bit.  it has a larger infant connection queue and drops some off the end
> if its under attack.  There has also been some talk of doing much more
> 'sneaky' stuff.  i.e. encoding cookies in rsts instead of sending
> synacks..

Yes.  This is the approach I like.
Store the mss info either in toto or in a table of "mss values I have
seen" as some # of bits of the iss and the rest is a one-way hard-to-guess
hash of some sort of the rest of the data (a rotating secret #, src/dest ips 
and ports etc...);

> zach

Avi

- - - - - - - - - - - - - - - - -