[1068] in linux-security and linux-alert archive
Re: [linux-security] inetd and denial-of-service
daemon@ATHENA.MIT.EDU (thought)
Sun Aug 25 05:13:07 1996
From: thought <route@infonexus.com>
To: poodge@econ.Berkeley.EDU (Sam Quigley)
Date: Sat, 24 Aug 1996 22:53:44 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.SUN.3.91.960822104408.7780C-100000-RESENT@quesnay.Berkeley.EDU> from "Sam Quigley" at Aug 22, 96 10:46:20 am
Sam Quigley's thoughts were:
|
| I don't know a whole hell of a lot about xinetd, but I do know that it
| allows some sort of control over connections in the same style that TCP
| wrappers does. Perhaps xinetd would be a good solution for this?
Neither TCPd nor xinetd will stop SYN floods. Even if you deny
all but trusted (read: known to be reachable) sites, you are still
vulnerable to TCP SYN floods. TCPd and its ilk rely on the 3-way
handshake being completed before the filter rules take effect.
A SYN flood only satisfies 1/3 of the 3-way handshake. A packet
filter that only allows trusted packets and drops all others will
stop a common SYN flood.
--
[ route@infonexus.com ] Editor, Phrack Magazine / Guild Corporation Chair
the greatest trick the devil ever pulled was
convincing the world he didn't exist
[REW: As far as I understand SYN floods, you simply send lots of "SYN"
packets. This either causes a kernel crash or a denial of service.
Userspace is only informed when three packets have been transmitted
back and forth. Thus the kernel would need to be modified to do something
about it.]
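As an added illustration of the point made in the message and in the moderator's note (this is not code from the original post), the Python model below contrasts a tcpd-style check, which can only run once the third packet of the handshake arrives, with a packet filter that drops untrusted SYNs before the kernel allocates a half-open slot. The allow list, the backlog size and all addresses are constructed values.

```python
from collections import deque

# Constructed values: an allow list in the style of tcpd's hosts.allow and a
# kernel listen backlog of half-open slots. Neither comes from the message.
TRUSTED = {"10.0.0.5"}
BACKLOG = 8


class Listener:
    """Toy listening socket: a SYN occupies a half-open slot in the kernel;
    only the final ACK yields a connection that accept() (and tcpd) sees."""

    def __init__(self, syn_filter=None):
        self.syn_filter = syn_filter   # packet-filter rule applied to the SYN itself
        self.half_open = deque()       # sources with a pending handshake
        self.accepted = []             # connections handed to userspace
        self.dropped_syns = 0

    def on_syn(self, src):
        # A packet filter decides before any kernel state is allocated.
        if self.syn_filter is not None and not self.syn_filter(src):
            self.dropped_syns += 1
            return
        if len(self.half_open) >= BACKLOG:   # queue full: a legitimate SYN is lost too
            self.dropped_syns += 1
            return
        self.half_open.append(src)

    def on_ack(self, src):
        # Third packet of the handshake: the only point where tcpd can run.
        if src not in self.half_open:
            return False
        self.half_open.remove(src)
        self.accepted.append(src)
        return src in TRUSTED          # tcpd-style allow/deny, too late for a flood


def run(packet_filter):
    """Replay a constructed flood of never-completed SYNs from spoofed sources,
    then one legitimate client; report what each defence achieved."""
    rule = (lambda s: s in TRUSTED) if packet_filter else None
    lsn = Listener(syn_filter=rule)
    for i in range(20):
        lsn.on_syn(f"192.0.2.{i}")     # spoofed sources, no ACK ever follows
    lsn.on_syn("10.0.0.5")             # trusted client tries to connect
    served = lsn.on_ack("10.0.0.5")
    return {"served": served, "half_open": len(lsn.half_open),
            "seen_by_tcpd": len(lsn.accepted), "dropped_syns": lsn.dropped_syns}


if __name__ == "__main__":
    print("tcpd only:    ", run(packet_filter=False))
    print("packet filter:", run(packet_filter=True))
```

With tcpd alone the backlog fills with half-open entries, the trusted client's SYN is dropped and tcpd never runs; with the SYN-time filter the flood is discarded before it consumes state and the trusted client is served.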