[1074] in linux-security and linux-alert archive


Re: [linux-security] syn floods

daemon@ATHENA.MIT.EDU (thought)
Mon Aug 26 07:23:41 1996

From: thought <route@infonexus.com>
To: kit@connectnet.com (Kit Knox)
Date: Sun, 25 Aug 1996 11:12:39 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu, poodge@econ.Berkeley.EDU
In-Reply-To: <Pine.LNX.3.95.960825085823.103A-100000@irc.connectnet.com> from "Kit Knox" at Aug 25, 96 09:04:29 am

Kit Knox's thoughts were:

| I haven't seen cases of kernel crashes, just the listen() buffer is filled
| up until the SYN's time out.

	I have.  On 1.2.13 kernels (and prolly anything before-- dunno 
	about 2.0.x) you can flood a host with 10 forged connection
	requests on every listening TCP port.  This will in effect stop
	all TCP based network connectivity.  The new issue of Phrack 
	(due out by Monday) will have a complete discussion of this.

| Here is a script that I wrote to help combat syn floods.  It requires the
| use of snuke which spoofs ICMP_DEST_UNREACH in order to allow for the
| fixing of syn floods on virtual interfaces and the such.

	Hmmm... Interesting...

-- 
[ route@infonexus.com ]  Editor, Phrack Magazine / Guild Corporation Chair

	       the greatest trick the devil ever pulled was
		   convincing the world he didn't exist
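
The condition Kit Knox describes in the quoted text, a listen() queue held full by connection requests that never complete, can be watched for from the socket table. This is an added example, not part of the original message or of either poster's script. It assumes the `/proc/net/tcp` layout of current Linux kernels on a little-endian host, with half-open requests listed in state `03`. The `limit` threshold and the sample rows are constructed.

```python
import socket
import struct
from collections import Counter

LISTEN, SYN_RECV, ESTABLISHED = 0x0A, 0x03, 0x01  # kernel TCP state codes

def _row(n, local, remote, state):
    """Build one /proc/net/tcp-style row; columns after the state are filler."""
    return (f"{n:4d}: {local} {remote} {state:02X} "
            "00000000:00000000 00:00000000 00000000     0        0 0")

# Constructed sample, not captured from a real host: listeners on ports 25
# and 80, ten half-open requests on 25, two on 80, one established on 80.
_rows = [_row(0, "00000000:0019", "00000000:0000", LISTEN),
         _row(1, "00000000:0050", "00000000:0000", LISTEN)]
_rows += [_row(2 + i, "0A00000A:0019", f"{i + 1:02X}0200C0:{1024 + i:04X}", SYN_RECV)
          for i in range(10)]
_rows += [_row(12 + i, "0A00000A:0050", f"{i + 20:02X}0200C0:{2048 + i:04X}", SYN_RECV)
          for i in range(2)]
_rows.append(_row(14, "0A00000A:0050", "630200C0:0C00", ESTABLISHED))
SAMPLE = "  sl  local_address rem_address   st (remaining columns)\n" + "\n".join(_rows) + "\n"

def decode(endpoint):
    """'0100007F:0019' -> ('127.0.0.1', 25); address is little-endian hex."""
    addr, port = endpoint.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def sockets(text):
    """Yield (local_port, remote_ip, state) for each row after the header."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        (_, lport), (rip, _) = decode(fields[1]), decode(fields[2])
        yield lport, rip, int(fields[3], 16)

def half_open_by_port(text):
    """Count SYN_RECV entries per local port."""
    return Counter(lport for lport, _, state in sockets(text) if state == SYN_RECV)

def saturated_ports(text, limit):
    """Listening ports whose half-open count has reached `limit`."""
    listening = {lport for lport, _, state in sockets(text) if state == LISTEN}
    counts = half_open_by_port(text)
    return sorted(p for p in listening if counts[p] >= limit)

if __name__ == "__main__":
    print(dict(half_open_by_port(SAMPLE)), saturated_ports(SAMPLE, limit=10))
```

On a live host, pass the contents of `/proc/net/tcp` instead of `SAMPLE` and set `limit` from the backlog each listener was started with.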
