Re: [cobalt-security] Re: syn_flood dos attack (Nico Meijer)



On Tue, Jan 01, 2002 at 03:31:01PM -0600, Jordan Lowe wrote:
> Well, I tried using the iptables stuff- (echo 1 >
> /proc/sys/net/ipv4/tcp_syncookies),

Just to be picky, this isn't related to "iptables" AFAIAA.

> and I still see the syn stuff, but I
> think it's working.
> Apache hasn't crashed yet, which is great.  Thanks Nico,
> I appreciate the info.

Read up on syncookies here, though it is more of a justification than an
explanation:

http://cr.yp.to/syncookies.html

And I don't know if this problem has been solved or not within CobaltOS:

http://archives.neohapsis.com/archives/linux/redhat/2001-q4/0107.html

So while that problem is non-trivial to exploit, invoking an old
version of syn-cookies when you're not actually undergoing SYN flood
attacks could actually weaken your security rather than strengthen it.

-- 
Nick Drage - Security Architecture - Demon Internet
"A lonely voice
 Echoing through the wilderness
 Request Timed Out"
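The thread turns on whether the box is really under a SYN flood when syncookies are switched on, since with tcp_syncookies=1 the Linux kernel only starts emitting cookies once the SYN backlog overflows. The script below is an added example, not code from either poster or from CobaltOS: it reads the sysctl, parses the TcpExt SyncookiesSent/SyncookiesRecv/SyncookiesFailed counters out of a file in /proc/net/netstat layout, and gives a one-word verdict. It assumes a Linux-style /proc tree and those counter names (current kernels expose them); the value 2 for tcp_syncookies (cookies on every SYN) is a later-kernel setting not mentioned in the thread. The netstat sample it parses first is constructed, with made-up numbers, so the parser can be exercised on a machine without /proc.

```shell
#!/bin/sh
# Added example, not code from the list thread. Reports whether Linux SYN
# cookies are switched on and whether the kernel has actually had to emit any,
# which is what tells you a SYN flood is (or was) really happening.
# Assumptions: a Linux-style /proc layout, and TcpExt counters named
# SyncookiesSent / SyncookiesRecv / SyncookiesFailed in /proc/net/netstat.

SYSCTL_FILE=/proc/sys/net/ipv4/tcp_syncookies
NETSTAT_FILE=/proc/net/netstat

# Value of tcp_syncookies, or "?" when the file is not readable (non-Linux).
syncookie_sysctl() {
    if [ -r "$SYSCTL_FILE" ]; then cat "$SYSCTL_FILE"; else echo "?"; fi
}

# Print "name=value" lines for the three syncookie counters found in a file
# laid out like /proc/net/netstat: a "TcpExt:" header line of names followed
# by a "TcpExt:" line of values.  $1 = path to that file (live or sample).
syncookie_counters() {
    awk '
        $1 == "TcpExt:" && !have_hdr { for (i = 2; i <= NF; i++) hdr[i] = $i; have_hdr = 1; next }
        $1 == "TcpExt:" && have_hdr  { for (i = 2; i <= NF; i++) val[hdr[i]] = $i; exit }
        END {
            n = split("SyncookiesSent SyncookiesRecv SyncookiesFailed", want, " ")
            for (j = 1; j <= n; j++)
                printf "%s=%s\n", want[j], ((want[j] in val) ? val[want[j]] : "?")
        }' "$1"
}

# Extract a single counter value from syncookie_counters output.
counter_value() {   # $1 = file, $2 = counter name
    syncookie_counters "$1" | awk -F= -v k="$2" '$1 == k { print $2 }'
}

# One-word verdict from the sysctl value ($1) and the SyncookiesSent count ($2).
# 0 = off; 1 = cookies only when the SYN backlog overflows (the setting the
# thread discusses); 2 = cookies for every SYN (accepted by later kernels).
syncookie_verdict() {
    case "$1" in
        0) echo "disabled" ;;
        1) case "$2" in
               ''|*[!0-9]*) echo "enabled-unknown" ;;   # counter not available
               0)           echo "enabled-idle" ;;      # on, but never needed
               *)           echo "enabled-and-used" ;;  # backlog has overflowed
           esac ;;
        2) echo "always-on" ;;
        *) echo "unknown" ;;
    esac
}

# Write a constructed sample in /proc/net/netstat format to $1, so the parser
# can be exercised offline; the numbers are made up for illustration.
make_sample_netstat() {
    cat > "$1" <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts PruneCalled
TcpExt: 42 40 2 0 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF
}

# Demo: run over the constructed sample, then over the live file if present.
sample=$(mktemp "${TMPDIR:-/tmp}/netstat.XXXXXX")
make_sample_netstat "$sample"
echo "sample: sysctl=1 $(syncookie_counters "$sample" | tr '\n' ' ')"
echo "sample verdict: $(syncookie_verdict 1 "$(counter_value "$sample" SyncookiesSent)")"
rm -f "$sample"

if [ -r "$NETSTAT_FILE" ]; then
    v=$(syncookie_sysctl)
    echo "live: sysctl=$v $(syncookie_counters "$NETSTAT_FILE" | tr '\n' ' ')"
    echo "live verdict: $(syncookie_verdict "$v" "$(counter_value "$NETSTAT_FILE" SyncookiesSent)")"
fi
```

A verdict of "enabled-idle" on a host that is still seeing SYNs means the backlog never filled, so the cookie code path has not been engaged at all; a rising SyncookiesSent with SyncookiesFailed staying near zero is the pattern you would expect during a genuine flood. The script only tells you whether cookies are being used, not whether the cookie implementation on an old kernel is sound, which is the separate concern the reply raises.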