[Courses] [security] tcp_syncookies
Kai MacTane
kmactane at GothPunk.com
Fri Apr 12 19:13:43 EST 2002
At 4/12/02 06:38 PM, Raven, corporate courtesan wrote:
> > If that's not what a SYN flood attack looks
> > like, I'd like to know what the heck it *was*.)
>
> Syn flood. [grin] Those symptoms are classic.
Thanks. That's nice to know.
> > D'oh!
>
> Not d'oh for you! There was a vulnerability in syncookies
> handling in pre 2.2.19-7 and 2.4.9-12 (that's you) kernel versions that
> you'd open yourself up to if you turned it on.
Well, then I'm damned glad I didn't turn it on without checking first. I
guess it's time to upgrade my kernel...
> There's a big argument about this. It's a non-default way of
> handling TCP. Some folks think this is a Bad Thing.
>
> http://www.uwsg.iu.edu/hypermail/linux/kernel/9912.3/0043.html
>
> Others (notably Dan Bernstein, the inventor of syncookies) think it's
> grand:
DJB thinks his own <ahem> is gold. Granted, his software is usually
fabulous (if completely bizarre in UI architecture). But a testimonial from
the product's own author is always sort of dodgy.
"Hey, I liked it so much... I wrote it!"
> They should be on if you are actively getting synflooded, most
> everyone agrees.
I'll do that, then. [Rummages around calendar for time-chunk big enough for
kernel recompile.]
> Usually, /etc/sysctl.conf is the configuration file that sets
> system-wide TCP/IP options.
No such file over here on Slackware -- oh, well. I can always just echo
things direct to the files in the rc.inet1 init script (which is probably
the intended Slack Way(tm)).
> You: "Aha! I will make my remote server safer!"
>
> raven at dahlia /etc/rc.d/init.d/network stop
>
> [network stops, kicks you out, does not start again]
>
> You: "Grrrrrrr."
I think I did that once, but the machine was only about 20 feet away. Which
was a nice way to learn not to do it on machines that are miles distant.
--Kai MacTane
----------------------------------------------------------------------
"It can't rain all the time/Your tears won't fall forever"
--Hangman's Joke
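The thread above mentions two ways to turn SYN cookies on: a line in /etc/sysctl.conf (where that file exists) or echoing a value into the /proc file from an rc script, as on Slackware. The script below is an added example and is not code from the thread or from either poster; it assumes the standard Linux paths /proc/sys/net/ipv4/tcp_syncookies and /etc/sysctl.conf, and the procps "key = value" format with whole-line # or ; comments. It reports whether syncookies are on right now, whether the boot-time config will re-enable them, and which of the two is missing. The file paths are parameters so the functions can be exercised against constructed files without root.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the tcp_syncookies
# setting at runtime and in a sysctl.conf-style file. Default paths are the
# usual Linux locations and are assumptions, not taken from the thread.

PROC_DEFAULT=/proc/sys/net/ipv4/tcp_syncookies
CONF_DEFAULT=/etc/sysctl.conf

# Print 1 if the running kernel has syncookies on, 0 if off, or "unknown" if
# the /proc file is unreadable (kernel built without syncookie support, or
# not Linux). A nonzero value counts as on.
syncookies_runtime() {
    f=${1:-$PROC_DEFAULT}
    [ -r "$f" ] || { echo unknown; return 0; }
    v=$(cat "$f")
    case "$v" in
        0)      echo 0 ;;
        [1-9]*) echo 1 ;;
        *)      echo unknown ;;
    esac
}

# Print the value a sysctl.conf-style file assigns to a key, or "unset".
# Whole-line comments (# or ;) and blank lines are skipped, spaces around
# '=' are tolerated, and the last assignment wins, matching "sysctl -p".
sysctl_conf_value() {
    conf=${1:-$CONF_DEFAULT}; key=$2
    [ -r "$conf" ] || { echo unset; return 0; }
    awk -v key="$key" '
        /^[[:space:]]*[#;]/ { next }     # comment line
        /^[[:space:]]*$/    { next }     # blank line
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val; else print "unset" }
    ' "$conf"
}

# Summarise what still needs doing:
#   ok         - on now and persisted at boot
#   persist    - on now, but nothing in the config will restore it at boot
#   enable-now - config says 1, but the running kernel has it off
#   both       - neither is in place
syncookies_status() {
    runtime=$(syncookies_runtime "$1")
    boot=$(sysctl_conf_value "$2" net.ipv4.tcp_syncookies)
    case "$runtime:$boot" in
        1:1) echo ok ;;
        1:*) echo persist ;;
        *:1) echo enable-now ;;
        *)   echo both ;;
    esac
}

# Runtime enable, the way an rc script (e.g. Slackware's rc.inet1) would do
# it; needs root, so it is only defined here and not called.
syncookies_enable() {
    echo 1 > "${1:-$PROC_DEFAULT}"
}

# Stand-alone run: report on the real system (both paths may be absent).
echo "tcp_syncookies: runtime=$(syncookies_runtime) boot=$(sysctl_conf_value "$CONF_DEFAULT" net.ipv4.tcp_syncookies) -> $(syncookies_status "$PROC_DEFAULT" "$CONF_DEFAULT")"
```

On a box with no /etc/sysctl.conf (Kai's Slackware case) the boot-time value reports as "unset", so a running kernel with the cookie on shows "persist": the setting works now but will not survive a reboot unless the rc script applies it.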