Posted: Fri May 07, 2004 7:19 pm Post subject: syn flooding prevention
Hi maestros,
I'm back again with some questions, and I have to say that you guys have been great at answering them. So here is my new one, and please don't mind if this sounds utterly lame or cliche:
Is there a method to prevent denial of service attacks using SYN flooding without causing a denial of service, i.e. without inadvertently denying connection to valid packets? (Detection may be simpler, I believe, in that it would require noting the time interval between successive SYN packets...etc.) OK (as regards prevention), you could block certain IP addresses, but what if the IPs are spoofed themselves? Please advise.
_______________________
Thanks...sigsegv.
Yes, it's called SYN cookies, at least under Linux; most kernels come with this. The way it works is that when the internal connection table is filled, it sends out packets which have the client IP and port and server IP and port encoded into the SYN/ACK sequence number, therefore increasing queue size to the amount of free RAM.
SYN floods are more or less ineffective these days, since I believe pretty much all systems have similar protection (even MS).
HTH
Union
PS Google for more info
_________________ "Computers are like air conditioners, they stop working properly if you open Windows"
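A minimal sketch of the SYN cookie idea described in the post above, added as an example and not code from any poster or from the Linux kernel: the server derives its SYN/ACK sequence number from the connection details and re-derives it when the final ACK arrives, so it keeps no per-connection state in between. The bit layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), the use of HMAC-SHA256, the MSS table and every name and address here are assumptions for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"     # constructed; a real stack uses a random secret
MSS_TABLE = [536, 1300, 1440, 1460]  # assumed table: the cookie carries only an index
TICK_SECONDS = 64                    # assumed coarse time counter
MAX_AGE_TICKS = 2                    # accept cookies from the current or two previous ticks


def _mac24(src, sport, dst, dport, client_isn, tick, mss_idx):
    """24-bit keyed hash over the 4-tuple, client ISN, tick and MSS index."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIIB", sport, dport, client_isn, tick, mss_idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Server side, on SYN: return the SYN/ACK sequence number; nothing is stored."""
    tick = int(now) // TICK_SECONDS
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, tick, mss_idx)
    return ((tick & 0x1F) << 27) | (mss_idx << 24) | mac


def check_ack(src, sport, dst, dport, seq, ack, now):
    """Server side, on the final ACK: return the negotiated MSS, or None to drop."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the client acknowledges cookie + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's SYN carried seq - 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    now_tick = int(now) // TICK_SECONDS
    for age in range(MAX_AGE_TICKS + 1):
        tick = now_tick - age
        if tick < 0 or (tick & 0x1F) != cookie >> 27:
            continue                     # counter bits do not match this tick
        if _mac24(src, sport, dst, dport, client_isn, tick, mss_idx) == cookie & 0xFFFFFF:
            return MSS_TABLE[mss_idx]    # valid: the connection can be created now
    return None
```

A spoofed source never sees the SYN/ACK, so it cannot return a matching ACK, while a legitimate client completes the handshake even when the server kept no entry for its SYN.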
Joined: 28 Oct 2002 Posts: 1145 Location: Chicago,IL US
Posted: Sat May 08, 2004 1:11 am Post subject:
This is a great time to do some research on your own. www.google.com + syn cookies would be a great place to start.
_________________ "All that is necessary for the triumph of evil is that good men do nothing." --Edmund Burke (1729 - 1797)
Joined: 23 Apr 2004 Posts: 39 Location: Canada's National Capital Region
Posted: Sat May 08, 2004 1:16 am Post subject:
sigsegv wrote:
Many Thanks...had never heard of this SYN Cookies...is there a nice white paper for this? <snip!>
The Unix/Linux Security course I took some time ago touched on syn cookies and I did some follow-up research on the subject. The URIs below will take you to some articles on syn cookies and general stack fiddling.
Cheers,
Ted
Ted Mac Daibhidh, CD
Network Intrusion Detection Specialist