[4212] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (Bernd Eckenfels)
Wed Aug 28 03:34:04 1996
To: submit-linux-dev-net@ratatosk.yggdrasil.com
From: ecki@inka.de (Bernd Eckenfels)
Date: 28 Aug 1996 02:22:26 GMT
Racer X <shagboy@wspice.com> wrote:
: All we have to do is add a hook to allow the behavior to be changed to
: suit. Before accepting any connection, the kernel checks to see if a
: CHECK_REVERSE flag is set. If it's not, we don't care if we can reverse
: them or not. The only time we set the flag is when we think there's a
: SYN flood occurring, which can be checked for (and the flag changed by) a
: userland daemon.
You can't do reverse checks on the attacked host, you have to do it on all
intermediate routers. What do you want to check for a packet coming from
1.2.3.4? Is this really from 1.2.3.4 and wants to access your www-port, or
is this from 2.3.4.5 and wants to fill up your listen backlog? You never
know and you can't check anything except for waiting for the ack of the ack
(what you do anyway).
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@lina.{inka.de,ka.sub.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +4972573817 *plush*
(O____O) If privacy is outlawed only Outlaws have privacy
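
Added example, not part of the original message and not kernel code: a toy model of a listen backlog showing the point made in the reply above, that a SYN carries only a claimed source address and the listener learns whether it was genuine only when the final ACK of the handshake arrives. The struct and function names, the backlog size, the timeout, the ISN values and the 10.0.0.x addresses are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BACKLOG 4       /* constructed: tiny listen backlog */
#define SYN_TIMEOUT 75  /* constructed: seconds a half-open entry is kept */

struct half_open { int used; uint32_t src, srv_isn; long born; };
struct listener { struct half_open q[BACKLOG]; uint32_t next_isn; int established; };

void listener_init(struct listener *l) {
    memset(l, 0, sizeof *l);
    l->next_isn = 1000; /* constructed starting value for the model */
}
/* SYN: the claimed source address is all the listener knows at this point.
   Returns 1 if a slot was taken (SYN-ACK would be sent), 0 if backlog is full. */
int on_syn(struct listener *l, uint32_t claimed_src, long now) {
    for (int i = 0; i < BACKLOG; i++)
        if (!l->q[i].used) {
            l->q[i] = (struct half_open){1, claimed_src, l->next_isn, now};
            l->next_isn += 64000;
            return 1;
        }
    return 0;
}
/* Final ACK: only a host that really received our SYN-ACK knows srv_isn + 1. */
int on_ack(struct listener *l, uint32_t src, uint32_t ack_no) {
    for (int i = 0; i < BACKLOG; i++)
        if (l->q[i].used && l->q[i].src == src && ack_no == l->q[i].srv_isn + 1) {
            l->q[i].used = 0; l->established++; return 1;
        }
    return 0;
}
/* Free half-open entries older than SYN_TIMEOUT; returns how many were freed. */
int expire(struct listener *l, long now) {
    int freed = 0;
    for (int i = 0; i < BACKLOG; i++)
        if (l->q[i].used && now - l->q[i].born >= SYN_TIMEOUT) { l->q[i].used = 0; freed++; }
    return freed;
}
int main(void) {
    struct listener l;
    listener_init(&l);
    on_syn(&l, 0x01020304, 0);  /* 1.2.3.4, completes the handshake below */
    for (uint32_t a = 0x0A000001; a < 0x0A000004; a++) on_syn(&l, a, 0); /* never answer */
    printf("5th SYN queued: %d\n", on_syn(&l, 0x0A000009, 1));
    printf("ACK from 1.2.3.4 accepted: %d\n", on_ack(&l, 0x01020304, 1001));
    printf("freed by timeout: %d\n", expire(&l, 75));
    return 0;
}
```

Until `on_ack` succeeds or `expire` runs, the entry for the real client and the entries that never answer are indistinguishable to the listener, which is why the unanswered ones hold backlog slots for the full timeout.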