Re: [cobalt-security] Re: syn_flood dos attack (Nico Meijer)
- Subject: Re: [cobalt-security] Re: syn_flood dos attack (Nico Meijer)
- From: Nick Drage <nickd@xxxxxxxxx>
- Date: Wed, 2 Jan 2002 12:15:59 +0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Tue, Jan 01, 2002 at 03:31:01PM -0600, Jordan Lowe wrote:
> Well, I tried using the iptables stuff- (echo 1 >
> /proc/sys/net/ipv4/tcp_syncookies),
Just to be picky, this isn't related to "iptables" AFAIAA.
> and I still see the syn stuff, but I think it's working.
> Apache hasn't crashed yet, which is great. Thanks Nico,
> I appreciate the info.
Read up on syncookies here, though it is more of a justification than an
explanation:
http://cr.yp.to/syncookies.html
And I don't know if this problem has been solved or not within CobaltOS:
http://archives.neohapsis.com/archives/linux/redhat/2001-q4/0107.html
So while that problem is non-trivial to exploit, invoking an old
version of syn-cookies when you're not actually undergoing SYN flood
attacks could actually weaken your security rather than strengthen it.
--
Nick Drage - Security Architecture - Demon Internet
"A lonely voice
Echoing through the wilderness
Request Timed Out"