[1068] in linux-security and linux-alert archive


Re: [linux-security] inetd and denial-of-service

daemon@ATHENA.MIT.EDU (thought)
Sun Aug 25 05:13:07 1996

From: thought <route@infonexus.com>
To: poodge@econ.Berkeley.EDU (Sam Quigley)
Date: Sat, 24 Aug 1996 22:53:44 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.SUN.3.91.960822104408.7780C-100000-RESENT@quesnay.Berkeley.EDU> from "Sam Quigley" at Aug 22, 96 10:46:20 am

-----BEGIN PGP SIGNED MESSAGE-----

Sam Quigley's thoughts were:

| 
| I don't know a whole hell of a lot about xinetd, but I do know that it 
| allows some sort of control over connections in the same style that TCP 
| wrappers does.  Perhaps xinetd would be a good solution for this?

	Neither TCPd nor xinetd will stop SYN floods.  Even if you deny
	all but trusted (read: known to be reachable) sites, you are still
	vulnerable to TCP SYN floods.  TCPd and its ilk rely on the 3-way 
	handshake being completed before the filter rules take effect.  
	A SYN flood only satisfies 1/3 of the 3-way handshake.  A packet 
	filter that only allows trusted packets and drops all others will 
	stop a common SYN flood.

-- 
[ route@infonexus.com ]  Editor, Phrack Magazine / Guild Corporation Chair

	       the greatest trick the devil ever pulled was
		   convincing the world he didn't exist


[REW: As far as I understand SYN floods, you simply send lots of "SYN"
packets. This either causes a kernel crash or a denial of service. 
Userspace is only informed when three packets have been transmitted
back and forth. Thus the kernel would need to be modified to do something
about it.]
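The point made above, that a wrapper-style check only runs once the handshake has completed while a packet filter acts on the SYN itself, can be shown with a small model of a listener's half-open queue. This is an added example, not code from the thread; the backlog size, the allow-list and the packet trace are all constructed.

```python
"""Model of where a filter sits relative to the TCP 3-way handshake.

Added example (not from the original post). It simulates a listening
socket's half-open (SYN) backlog to show why an accept()-time filter such
as TCP wrappers cannot keep a SYN flood from exhausting the backlog, while
a packet filter that drops untrusted SYNs on arrival can. All traffic here
is constructed; no real sockets are used.
"""
from collections import deque

BACKLOG = 5             # assumed size of the half-open queue
TRUSTED = {"10.0.0.7"}  # constructed allow-list of reachable, trusted hosts

def run(packets, filter_at_syn):
    """Feed (src, flag) records through a toy listener.

    packets: sequence of (source_ip, "SYN" | "ACK") tuples; an "ACK"
             completes the handshake for a pending SYN from that source.
    filter_at_syn: True  -> packet filter: untrusted SYNs dropped on arrival
                   False -> wrapper-style: check only after handshake completes
    Returns (accepted_sources, syns_lost_to_full_backlog).
    """
    half_open = deque()
    accepted = []
    backlog_drops = 0
    for src, flag in packets:
        if flag == "SYN":
            if filter_at_syn and src not in TRUSTED:
                continue  # packet filter: never enters the half-open queue
            if len(half_open) >= BACKLOG:
                backlog_drops += 1  # queue full: even a trusted SYN is lost
                continue
            half_open.append(src)
        elif flag == "ACK" and src in half_open:
            half_open.remove(src)  # handshake done; connection reaches userspace
            if filter_at_syn or src in TRUSTED:
                accepted.append(src)  # the wrapper check only happens here
    return accepted, backlog_drops

# Constructed trace: a burst of spoofed SYNs that never complete the
# handshake, followed by a legitimate trusted client trying to connect.
FLOOD = [(f"192.0.2.{i}", "SYN") for i in range(1, 9)]
LEGIT = [("10.0.0.7", "SYN"), ("10.0.0.7", "ACK")]
TRACE = FLOOD + LEGIT

if __name__ == "__main__":
    print("wrapper-style:", run(TRACE, filter_at_syn=False))
    print("packet filter:", run(TRACE, filter_at_syn=True))
```

With the wrapper-style check the spoofed SYNs fill the backlog and the trusted client's SYN is dropped before the allow-list is ever consulted; with the packet filter the spoofed SYNs never occupy a slot and the trusted client connects.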

