[4612] in linux-net channel archive


Re: SYN attacks.

daemon@ATHENA.MIT.EDU (Lefty)
Tue Oct 1 03:30:47 1996

Date: 	Sun, 29 Sep 1996 04:05:38 GMT
From: lefty@sliderule.geek.org.uk (Lefty)
To: linux-net@vger.rutgers.edu, tmuller@agora.rdrop.com

> Hello,
>
> Does anyone have an explanation as to the FIX that has been put into
> Linux 2.0.xx?  The gentleman below seems interested to post an article on
> the web.  This will be in the techwatch section of time on
> Pathfinder.com.
>
> You can either mail me or mail Noah directly.
>
> Thanks,
>
> Troy

Um..  2.0.10 does NOT have any preventative measures to prevent people from
SYN flooding..  Now as for protection, it's weak..  what it appears to me
is that after the first volley of SYN packets to a port, it will fork a
process on the second and all other attempts (by looking at tcp wrapper
logs), much the way Solaris (least 2.3) does it..

While a SYN flood is VERY possible from the machine, and it is possible
to do more lethal packet games to a box, a SYN flood still does cause a
high system load since the machine is forking processes (which take
both memory and cpu) and if you have tcp wrappers try to pull ident information
and such..  However it's better than nothing..

The first volley of SYN packets may fork a process (since during a
non-scientific flood it's hard to tell which packet (via netstat even) is from
where)..  Anyway, it's sorta protection, but one will raise system load
and memory consumption..
