nanog mailing list archives
Re: Syn flooding attacks
From: "Jeffrey C. Ollie" <jeff () ollie clive ia us>
Date: Mon, 20 Oct 1997 12:49:20 -0500
Phil Howard wrote:
The server can enlarge its table of pending connections and shorten its timeout on them. Currently I think this is on the order of 2 to 3 minutes and I think I can live with shortening it to 20 seconds, if I could get in the kernel to make that change (easy for Linux, FreeBSD, etc, but not for most commercial systems like Solaris, NT, etc).
On the latest Linux kernels (and perhaps on other free UNIXes) there is a feature known as "SYN cookies". Basically this feature lets servers eliminate the table of half open connections by carefully crafting the ACK so that the next packet from the originating host has enough information to fully open the connection. This was widely discussed on nanog and other lists when SYN flooding attacks first became popular a year or so ago. Check the archives for more information or check out the Linux TCP code in the latest kernels.
Jeff
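To make the mechanism Jeff describes concrete, here is an added example (not from the original thread and not the Linux kernel's code) of stateless SYN cookie generation and validation: the server encodes a slow clock, an MSS table index and a keyed hash of the connection 4-tuple into the SYN-ACK sequence number, keeps nothing, and later recovers everything it needs from the client's ACK. The bit layout, MSS table and secret are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Constructed secret for this example; a real implementation rotates it.
SECRET = b"example-syn-cookie-secret"
# The cookie cannot carry the client's full MSS, so it stores an index
# into a small table and the server later uses the table value.
MSS_TABLE = (536, 1300, 1440, 1460)
COUNTER_BITS, MSS_BITS, MAC_BITS = 5, 3, 24


def _mac(src, sport, dst, dport, counter, mss_idx):
    """Keyed hash binding the 4-tuple, time counter and MSS index."""
    msg = struct.pack("!4sH4sHIB", src, sport, dst, dport, counter, mss_idx)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0] & ((1 << MAC_BITS) - 1)


def make_syn_cookie(src, sport, dst, dport, client_mss, counter):
    """ISN for the SYN-ACK: 5-bit slow clock | 3-bit MSS index | 24-bit MAC.
    Nothing about this half-open connection is stored on the server."""
    mss_idx = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            mss_idx = i
    counter &= (1 << COUNTER_BITS) - 1
    mac = _mac(src, sport, dst, dport, counter, mss_idx)
    return (counter << (MSS_BITS + MAC_BITS)) | (mss_idx << MAC_BITS) | mac


def check_syn_cookie(src, sport, dst, dport, ack_seq, now_counter):
    """Validate the final ACK of the handshake purely from its fields.
    Returns the MSS to use, or None if the cookie is stale or forged."""
    cookie = (ack_seq - 1) & 0xFFFFFFFF      # the client ACKs our ISN + 1
    counter = cookie >> (MSS_BITS + MAC_BITS)
    mss_idx = (cookie >> MAC_BITS) & ((1 << MSS_BITS) - 1)
    mac = cookie & ((1 << MAC_BITS) - 1)
    # Accept only the current and the previous clock tick, so an old
    # cookie cannot be replayed indefinitely.
    if (now_counter - counter) & ((1 << COUNTER_BITS) - 1) > 1:
        return None
    expected = _mac(src, sport, dst, dport, counter, mss_idx)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]
```

The cost of this trick is visible in the layout: a 24-bit MAC and a coarse clock are all that fit in 32 bits, which is why real kernels fall back to cookies only when the listen queue is under pressure.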